Package: libxml2
Severity: CRITICAL and HIGH
User: [email protected]

Hi,

We are writing in reference to the recently published vulnerabilities affecting libxml2:

CVE-2025-6021: https://www.cve.org/CVERecord?id=CVE-2025-6021
CVE-2025-49794: https://www.cve.org/CVERecord?id=CVE-2025-49794
CVE-2025-49795: https://www.cve.org/CVERecord?id=CVE-2025-49795
CVE-2025-49796: https://www.cve.org/CVERecord?id=CVE-2025-49796

These vulnerabilities appear to affect all currently released versions listed below:

Source Package: libxml2 <https://security-tracker.debian.org/tracker/source-package/libxml2> (PTS <https://tracker.debian.org/pkg/libxml2>)

Release               Version                       Status
bullseye              2.9.10+dfsg-6.7+deb11u4       vulnerable
bullseye (security)   2.9.10+dfsg-6.7+deb11u7       vulnerable
bookworm              2.9.14+dfsg-1.3~deb12u1       vulnerable
bookworm (security)   2.9.14+dfsg-1.3~deb12u2       vulnerable
trixie, sid           2.12.7+dfsg+really2.9.14-1    vulnerable

We would appreciate clarification on the following points:

1. Will these vulnerabilities be fixed in version 2.12.7+dfsg+really2.9.14-1 (Trixie, Sid)? If so, when?
2. When is the next version, 2.14.4+dfsg-0exp1 (currently in experimental), expected to become a stable release?
3. Will these vulnerabilities be addressed in that next stable release (2.14.x)?

Thank you for your time and assistance. We look forward to your response.

Best regards,
Hemlata Chandewar

