-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 07 Jun 2026 19:02:23 +0200
Source: libxml2
Architecture: source
Version: 2.12.7+dfsg+really2.9.14-2.1+deb13u3
Distribution: trixie
Urgency: high
Maintainer: Debian XML/SGML Group <[email protected]>
Changed-By: Guilhem Moulin <[email protected]>
Closes: 1125691 1125695 1125696
Changes:
 libxml2 (2.12.7+dfsg+really2.9.14-2.1+deb13u3) trixie; urgency=high
 .
   * Non-maintainer upload.
   * Fix CVE-2026-0989: Specially crafted or overly complex schemas can cause
     excessive recursion during parsing, which may lead to stack exhaustion and
     application crashes. The parser now enforces a limit on inclusion depth
     when resolving nested `<include>` directives; the limit defaults to 1000
     and can be modified at runtime with the env variable `RNG_INCLUDE_LIMIT`.
     (Closes: #1125691)
   * Fix CVE-2026-0990: `xmlCatalogXMLResolveURI()` will recurse infinitely if
     a catalog has a URI delegate referencing itself, eventually resulting in a
     call stack overflow. (Closes: #1125695)
   * Fix CVE-2026-0992: Denial of Service vulnerability due to uncontrolled
     resource consumption when processing XML catalogs containing repeated
     `<nextCatalog>` elements pointing to the same downstream catalog.
     (Closes: #1125696)
   * Fix CVE-2025-8732: When a catalog file contains a CATALOG directive
     pointing to itself, `xmlExpandCatalog()` and `xmlParseSGMLCatalog()`
     recursively call each other without bounds until stack overflow.
   * Fix CVE-2026-1757: Memory leak issue in the command parsing logic of the
     xmllint interactive shell.
   * Fix unit tests for CVE-2025-49794 and -49796.
   * Backport some more upstream changes from v2.15.2:
     + Fix memory leak of prefix in `xmlTextWriterStartElementNS()`.
     + Mitigate use-after-free issue in `xmlRelaxNGValidateValue()`.
     + Fix memory leak in `xmlTextWriterStartAttributeNS()`.
     + Schematron: Fix additional memory leaks on error paths.
     + Catalog: Fix stack overflow from self-referencing SGML CATALOG entries.
   * Add d/salsa-ci.yml for Salsa CI.
