Bug#1109440: unblock: libxml2/2.12.7+dfsg+really2.9.14-2

To: Aron Xu <happyaron.xu@gmail.com>
Cc: 1109440@bugs.debian.org
Subject: Bug#1109440: unblock: libxml2/2.12.7+dfsg+really2.9.14-2
From: Ivo De Decker <ivodd@debian.org>
Date: Fri, 18 Jul 2025 09:57:42 +0000
Message-id: <[🔎] aHoalh8ruTfn4ZSP@debian.org>
Reply-to: Ivo De Decker <ivodd@debian.org>, 1109440@bugs.debian.org
In-reply-to: <[🔎] CAMr=8w4f0P78zdXwCfRva7Zk-K2+EjnesiJWb+rRn=VipdyN6w@mail.gmail.com>
References: <[🔎] CAMr=8w4f0P78zdXwCfRva7Zk-K2+EjnesiJWb+rRn=VipdyN6w@mail.gmail.com> <[🔎] CAMr=8w4f0P78zdXwCfRva7Zk-K2+EjnesiJWb+rRn=VipdyN6w@mail.gmail.com>

Control: tags -1 confirmed moreinfo

Hi,

On Thu, Jul 17, 2025 at 11:56:14PM +0200, Aron Xu wrote:
> I would like to apply two patches for libxml2 fixing 3 CVEs:
>  - CVE-2025-6021: integer overflow in xmlBuildQName() (Closes: #1107720)
>  - CVE-2025-{49794,49796}: use after free and type confusion in
> xmlSchematronReportOutput() (Closes: #1107755)

Please go ahead with the upload and remove the moreinfo tag from this unblock
request once the new upload has been in unstable for a few days, and you think
it's ready to migrate.

Thanks,

Ivo

Reply to:

References:
- Bug#1109440: unblock: libxml2/2.12.7+dfsg+really2.9.14-2
  - From: Aron Xu <happyaron.xu@gmail.com>

Prev by Date: Bug#1109413: marked as done (unblock: packmol/1:21.0.2-2)
Next by Date: Processed: Re: unblock: python-eventlet/0.40.1-1
Previous by thread: Processed: unblock: libxml2/2.12.7+dfsg+really2.9.14-2
Next by thread: Processed: Re: unblock: libxml2/2.12.7+dfsg+really2.9.14-2
Index(es):
- Date
- Thread