-------------------------------------------------------------------------
Debian Security Advisory DSA-5990-1                      [email protected]
https://www.debian.org/security/                                  Aron Xu
August 29, 2025                       https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : libxml2
CVE ID         : CVE-2025-7425
Debian Bug     : 1109122

A flaw was found in libxslt, the XSLT 1.0 processing library, where the
attribute type, atype, flags are modified in a way that corrupts internal
memory management. This is addressed by adding guards in libxml2, the
GNOME XML library, preventing the heap use-after-free from happening.

For the oldstable distribution (bookworm), this problem has been fixed
in version 2.9.14+dfsg-1.3~deb12u4.

For the stable distribution (trixie), this problem has been fixed in
version 2.12.7+dfsg+really2.9.14-2.1+deb13u1.

We recommend that you upgrade your libxml2 packages.

For the detailed security status of libxml2 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libxml2

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

