Your message dated Fri, 05 Jun 2026 13:34:25 +0000
with message-id <[email protected]>
and subject line Bug#1134866: fixed in libxml2 2.15.3+dfsg-1
has caused the Debian Bug report #1134866,
regarding libxml2: CVE-2026-6732
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1134866: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134866
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libxml2.9
Version: 2.15.2+dfsg-0.1
Severity: important
Tags: security upstream
Forwarded: https://gitlab.gnome.org/GNOME/libxml2/-/issues/1097
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for libxml2.
CVE-2026-6732[0]:
| A flaw was found in libxml2. This vulnerability occurs when the
| library processes a specially crafted XML Schema Definition (XSD)
| validated document that includes an internal entity reference. An
| attacker could exploit this by providing a malicious document,
| leading to a type confusion error that causes the application to
| crash. This results in a denial of service (DoS), making the
| affected system or application unavailable.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2026-6732
https://www.cve.org/CVERecord?id=CVE-2026-6732
[1] https://gitlab.gnome.org/GNOME/libxml2/-/issues/1097
[2] https://gitlab.gnome.org/GNOME/libxml2/-/merge_requests/411
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: libxml2
Source-Version: 2.15.3+dfsg-1
Done: Aron Xu <[email protected]>
We believe that the bug you reported is fixed in the latest version of
libxml2, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Aron Xu <[email protected]> (supplier of updated libxml2 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 05 Jun 2026 20:59:42 +0800
Source: libxml2
Architecture: source
Version: 2.15.3+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Debian XML/SGML Group <[email protected]>
Changed-By: Aron Xu <[email protected]>
Closes: 1134866
Changes:
libxml2 (2.15.3+dfsg-1) unstable; urgency=medium
.
* New upstream bug fix release. Closes: #1134866, CVE-2026-6732.
* d/copyright: refresh contents, drop reference to removed trio files,
update upstream source URL and copyright years.
* d/libxml2-16.symbols: stamp xmlRelaxParserSetIncLImit with the
upstream 2.15.2 introduction version.
Checksums-Sha1:
2d2ee5807671f7babc9dc0c9e4d81799359ea2e9 2738 libxml2_2.15.3+dfsg-1.dsc
7b678ae88edd327d46ba83f0d69b503d9ccd8887 2349324
libxml2_2.15.3+dfsg.orig.tar.xz
4f8b984c7dbd673847432b41a350f8d6df4822e3 36176
libxml2_2.15.3+dfsg-1.debian.tar.xz
312f9100085ae8a1eec0fe48c1b63e41bd3666ae 5907
libxml2_2.15.3+dfsg-1_source.buildinfo
Checksums-Sha256:
0be604718471b1eacd8fffd8f9cb7807b7eea039530e5ec2a264d86332b2c5e9 2738
libxml2_2.15.3+dfsg-1.dsc
ab227bacf1189534fff004aedaeb2985c8a4de3bed18b7e19fd6485f1f42cf77 2349324
libxml2_2.15.3+dfsg.orig.tar.xz
0d42d072e75663fcf70123a37c6f8176cf918ba6061966cf0f70853ca9d2c9bd 36176
libxml2_2.15.3+dfsg-1.debian.tar.xz
9221043e91576b70b990acc3631db2bc7fa5f8dd1c1ba32e41e65c3da7e4d0c4 5907
libxml2_2.15.3+dfsg-1_source.buildinfo
Files:
332bec52773cf2c35570fd5384a26786 2738 libs optional libxml2_2.15.3+dfsg-1.dsc
8cc9b47c4285f11f070dd859a52962e3 2349324 libs optional
libxml2_2.15.3+dfsg.orig.tar.xz
1da577489be4491407acec4d721d509c 36176 libs optional
libxml2_2.15.3+dfsg-1.debian.tar.xz
48f76a0ff5d3ed53c227b73ac235bc9c 5907 libs optional
libxml2_2.15.3+dfsg-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQEzBAEBCgAdFiEExq6D0hxncEPaPayX+GQ1dHE8m64FAmoizCkACgkQ+GQ1dHE8
m67+TggAomYv5+GV2tKNorSCmbnvKFuMxeU+wibJm652h1YyngD3IGd49x8AnSIn
VoEPpqRdN0qb1s+GIQBgPUSakrRQRLPDgkn5bGQ6SFg4DeCeZzUp+17hwTShJqx3
LiPuui36efFki2qrMsz6WTq96qOmtKYJrOGb9u2EnRFtKEFvI5eQxjq/dEZf/CxP
LkrcOb4pfzmfzaxtk6My3D3wmQQwACoswUurnwSYrLzwjmQUlxjHRIpDN9bBVP0p
UZZp1Bm/fy9jkMY/WZtz9HuacuDwHrDjqICZk/9LG4g4qwddMtc86A99f+ug8/g5
jQhxKKNfs8y/neorxRYQGh2IUzzMAg==
=xqoH
-----END PGP SIGNATURE-----
pgp0xjpS3bb4o.pgp
Description: PGP signature
--- End Message ---
