Your message dated Mon, 28 Jul 2025 09:05:48 +0000
with message-id <[email protected]>
and subject line Bug#1107938: fixed in libxml2 2.12.7+dfsg+really2.9.14-2.1
has caused the Debian Bug report #1107938,
regarding libxml2: CVE-2025-6170
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1107938: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107938
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libxml2
Version: 2.12.7+dfsg+really2.9.14-1
Severity: important
Tags: security upstream
Forwarded: https://gitlab.gnome.org/GNOME/libxml2/-/issues/941
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for libxml2.

CVE-2025-6170[0]:
| A flaw was found in the interactive shell of the xmllint command-
| line tool, used for parsing XML files. When a user inputs an overly
| long command, the program does not check the input size properly,
| which can cause it to crash. This issue might allow attackers to run
| harmful code in rare configurations without modern protections.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-6170
    https://www.cve.org/CVERecord?id=CVE-2025-6170
[1] https://gitlab.gnome.org/GNOME/libxml2/-/issues/941

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: libxml2
Source-Version: 2.12.7+dfsg+really2.9.14-2.1
Done: Guilhem Moulin <[email protected]>

We believe that the bug you reported is fixed in the latest version of
libxml2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Guilhem Moulin <[email protected]> (supplier of updated libxml2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 27 Jul 2025 00:59:51 +0200
Source: libxml2
Architecture: source
Version: 2.12.7+dfsg+really2.9.14-2.1
Distribution: unstable
Urgency: medium
Maintainer: Debian XML/SGML Group <[email protected]>
Changed-By: Guilhem Moulin <[email protected]>
Closes: 1107938
Changes:
 libxml2 (2.12.7+dfsg+really2.9.14-2.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * Fix CVE-2025-6170: Potential buffer overflows in the interactive shell
     (Closes: #1107938).



--- End Message ---
