Accepted libxml2 2.15.2+dfsg-0.1 (source) into unstable

Debian FTP Masters Wed, 25 Mar 2026 06:52:25 -0700
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 25 Mar 2026 14:30:48 +0100
Source: libxml2
Architecture: source
Version: 2.15.2+dfsg-0.1
Distribution: unstable
Urgency: high
Maintainer: Debian XML/SGML Group <[email protected]>
Changed-By: Matthias Klose <[email protected]>
Closes: 1125691 1125695 1125696
Changes:
 libxml2 (2.15.2+dfsg-0.1) unstable; urgency=high
 .
   * Non-maintainer upload.
   * New upstream bug fix release.
     Security issues:
     - CVE-2026-1757 fix: Memory leak in xmllint Shell - shell.c
     - CVE-2026-0990 fix: Prevent infinite recursion in
       xmlCatalogListXMLResolve. Closes: #1125695.
     - CVE-2026-0992 fix: Exponential behavior when handling
       parser: Fix infinite loop in xmlCtxtParseContent. Closes: #1125696.
     - CVE-2025-10911 libxslt related: Ignore next/prev of documents when
       traversing XPath
     - CVE-2026-0989 fix: Add RelaxNG include limit. Closes: #1125691.
     - xmlIO: use size_t for buffer size reallocation
     - uri: fix signed integer overflow in xmlBuildRelativeURISafe
     - schematron: fix memory leaks on error paths in xmlSchematronParseRule
     - catalog: fix stack overflow from self-referencing SGML CATALOG entries
     Improvements
     - fuzz: Make fuzzy encoding match more lenient
     - Fix C14N type confusion
     - meson: Fix build with Meson < 1.3
     - xmllint: Use zlib directly
     - xmllint: New option to separate xpath results using null, --xpath0
     - autotools: Make valgrind actually check for leaks
     - meson: Add valgrind test setup
     - Fix xmlOutputBufferGetContent output when encoder is set
     - threads: don't force _WIN32_WINNT to Vista if it's set to a higher value
     - dist: Add generated documentation to the dist as "dist-doc" folder
       to simplify downstream packaging of doc
     - Fix xmlRemoveEntity removing from wrong hash table
     - use duplicating variant in relaxng to mitigate UAF
     - Fix memory leak in xmlTextWriterStartAttributeNS on OOM
     - meson: remove hardcoded buildtype=debug default
     - Fix memory leak of prefix in xmlTextWriterStartElementNS()
     - writer: Add a few extra NULL checks to avoid memory leaks on corrupt
       writer path.
   * Update symbols file.
   * Don't include the sources twice in the libxml2-source package.
   * Bump standards version.
Checksums-Sha1:
 e6c69c4e157f3a2f9e2bb7937048d2bebca1c9ea 3135 libxml2_2.15.2+dfsg-0.1.dsc
 91e7c42834c2aa65b17c3bf6d985ed12ff07e59b 2154608 
libxml2_2.15.2+dfsg.orig.tar.xz
 f10e58f6748678d98b50266248e1a50f1e080619 36120 
libxml2_2.15.2+dfsg-0.1.debian.tar.xz
 f4bc86d5fcb8739757ea93c7ff8a52d74f264cff 5928 
libxml2_2.15.2+dfsg-0.1_source.buildinfo
Checksums-Sha256:
 0566b1577d262cae50587a57ac5de746cc7e7b36e33c8351782d88a53cc8a341 3135 
libxml2_2.15.2+dfsg-0.1.dsc
 f1e80b8c76041d45840b96da2a5c0ddfb7ffcc923ef6687260e7ebb0fdaa26a5 2154608 
libxml2_2.15.2+dfsg.orig.tar.xz
 c58645a5c10a351cda92c0e145e96c754ec061bb4363f09d18f951693997369e 36120 
libxml2_2.15.2+dfsg-0.1.debian.tar.xz
 8da88d0fd3c1171a83a404b3052445db9994d86de2843a37dc725ddd71d4bdd6 5928 
libxml2_2.15.2+dfsg-0.1_source.buildinfo
Files:
 fb9dabce7a5338c721449ec1811ec84b 3135 libs optional libxml2_2.15.2+dfsg-0.1.dsc
 47fa2efacc4b6612e721df9581714663 2154608 libs optional 
libxml2_2.15.2+dfsg.orig.tar.xz
 0ceab70f5e7363733da900bfba784f67 36120 libs optional 
libxml2_2.15.2+dfsg-0.1.debian.tar.xz
 3dcbd76ab4d5cc3b160a6a1ee4f41a5f 5928 libs optional 
libxml2_2.15.2+dfsg-0.1_source.buildinfo
pgpgWlaa0c5uC.pgp
Description: PGP signature
Accepted libxml2 2.15.2+dfsg-0.1 (source) into unstable

Reply via email to
