-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 06 Jun 2025 16:50:13 +0800
Source: libxml2
Architecture: source
Version: 2.9.14+dfsg-1.3~deb12u2
Distribution: bookworm-security
Urgency: high
Maintainer: Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>
Changed-By: Aron Xu <aron@debian.org>
Closes: 1051230 1053629 1063234 1071162 1094238 1098320 1098321 1098322 1102521 1103511
Changes:
 libxml2 (2.9.14+dfsg-1.3~deb12u2) bookworm-security; urgency=high
 .
   * Security fixes:
     - CVE-2023-39615: out-of-bounds read via the xmlSAX2StartElement()
       (Closes: #1051230)
     - CVE-2023-45322: use-after-free in xmlUnlinkNode()
       (Closes: #1053629)
     - CVE-2024-25062: use-after-free in xmlValidatePopElement()
       (Closes: #1063234)
     - CVE-2025-32414: out-of-bounds read in Python bindings
       (Closes: #1102521)
     - CVE-2025-32415: heap-based buffer under-read via
       xmlSchemaIDCFillNodeTables() (Closes: #1103511)
     - CVE-2022-49043: use-after-free in xmlXIncludeAddNode()
       (Closes: #1094238)
     - CVE-2024-34459: buffer over-read in xmlHTMLPrintFileContext of xmllint
       (Closes: #1071162)
     - CVE-2024-56171: use-after-free after xmlSchemaItemListAdd()
       (Closes: #1098320)
     - CVE-2025-24928: stack-buffer-overflow in xmlSnprintfElements()
       (Closes: #1098321)
     - CVE-2025-27113: NULL pointer dereference in xmlPatMatch()
       (Closes: #1098322)
Checksums-Sha1:
 4165e7bb14622b6f74db8bb3af1b566276a5a6a2 2610 libxml2_2.9.14+dfsg-1.3~deb12u2.dsc
 b41615e638174b4e36845c68d4b305dd6a6b541f 2351200 libxml2_2.9.14+dfsg.orig.tar.xz
 e120e21a4f48a004f3b4b1633f589510c16196b8 39296 libxml2_2.9.14+dfsg-1.3~deb12u2.debian.tar.xz
 1a860b74cda936b1b293bf208cc08df06164e47f 5841 libxml2_2.9.14+dfsg-1.3~deb12u2_source.buildinfo
Checksums-Sha256:
 d6f39c8c5fc3d86a53fd7a977c89b0e83913e4d73c230d77cb36dde5a9bc5a73 2610 libxml2_2.9.14+dfsg-1.3~deb12u2.dsc
 4fe913dec8b1ab89d13b489b419a8203176ea39e931eaa0d25b17eafb9c279e9 2351200 libxml2_2.9.14+dfsg.orig.tar.xz
 da8c62b2137dac24d6cc2d4634c85db5314fc3cc89661bace8974a4966ab6a64 39296 libxml2_2.9.14+dfsg-1.3~deb12u2.debian.tar.xz
 7e2c1e47e7976f6e9623edb92adef255c86857ee7e8ca3e2232785b54a1cd83d 5841 libxml2_2.9.14+dfsg-1.3~deb12u2_source.buildinfo
Files:
 f39151b70a2af972b9f032c4515aff37 2610 libs optional libxml2_2.9.14+dfsg-1.3~deb12u2.dsc
 bbcae2f48d1c9b1413ef953ce87e9346 2351200 libs optional libxml2_2.9.14+dfsg.orig.tar.xz
 ddc82a73596b5e5c97eb3015ebd4edbb 39296 libs optional libxml2_2.9.14+dfsg-1.3~deb12u2.debian.tar.xz
 d31ccfd9d6f60d7682954f4a3b3c415c 5841 libs optional libxml2_2.9.14+dfsg-1.3~deb12u2_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEBLHAyuu1xqoC2aJ5NP8o68vMTMgFAmhCroQACgkQNP8o68vM
TMjHOQf/W2EEXeXPRKCJp9tN7yaxciyhjRu38dxKd38OjRIhtFQvJwVdef10Xhs+
o2eDx/6lPqu8ShHFLxnvmMRMRpf5qw0RdZRYm8ejT92plFNfjPFak2tNUpeTinWs
K5mL8tsfm5lq2poIBkLYXT45/Y4ZZVLzoDafmSpKrGJQNrH5IDpK8104zzTbeRHo
7EOI0ZAKAD0pDMNlD6wbKaTcfZFTHamlQ8l2wNAPXoCe+YjL916cFXDd94igVx+A
kLPYQU9SWmmFdlvuXelJ53CbMU3hwL+m6odileUf5AkK5VerMIHBcDO6Z2/vYCLz
DQUv+rg43+QdL9DMGVpVJGPv61AweQ==
=+3cJ
-----END PGP SIGNATURE-----