Guilhem Moulin pushed to branch master at Debian Security Tracker / security-tracker
Commits: 8b17f8d5 by Guilhem Moulin at 2026-06-07T00:46:46+02:00 CVE-2026-0992/libxml2: Add reference to follow-up commits Cf. https://gitlab.gnome.org/GNOME/libxml2/-/work_items/1040 - - - - - 420abe4e by Guilhem Moulin at 2026-06-07T01:36:53+02:00 CVE-2026-6732/libxml2: Reference commit introducing the issue Discovered by manually checking and the blame log and confirmed per (former) upstream maintainer at https://gitlab.gnome.org/GNOME/libxml2/-/work_items/1097#note_2735437 - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -28656,10 +28656,12 @@ CVE-2026-6810 (The Booking Calendar Contact Form plugin for WordPress is vulnera NOT-FOR-US: WordPress plugin CVE-2026-6732 (A flaw was found in libxml2. This vulnerability occurs when the librar ...) - libxml2 2.15.3+dfsg-1 (bug #1134866) + [bullseye] - libxml2 <not-affected> (Vulnerable code not present) NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/1097 NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/merge_requests/411 NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/226b560837b90dea9b14431eca6e6fda8fb01ab4 (master) NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/7cea3fd1557437b88f2c7b5e1b71a2d5fb152b55 (master) + NOTE: Introduced with: https://gitlab.gnome.org/GNOME/libxml2/-/commit/e1153832b0a31b872517ab582641630e2d14cec7 (v2.13.0) CVE-2026-6393 (The BetterDocs plugin for WordPress is vulnerable to Missing Authoriza ...) NOT-FOR-US: WordPress plugin CVE-2026-6376 (A weakness in SpiceJet\u2019s public booking retrieval page permits fu ...) @@ -76050,7 +76052,11 @@ CVE-2026-0992 (A flaw was found in the libxml2 library. This uncontrolled resour [bullseye] - libxml2 <postponed> (Minor issue, DoS) NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/1019 NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/f75abfcaa419a740a3191e56c60400f3ff18988d + NOTE: Follow-up: https://gitlab.gnome.org/GNOME/libxml2/-/commit/deed3b7873dff30b7f87f7f33154c9932a772522 + NOTE: Tests: https://gitlab.gnome.org/GNOME/libxml2/-/commit/f8399e62a31095bf1ced01827c33f9b29494046f NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/4af23b523de5b72f27faf3e8e8a99dde5f7b82a2 (v2.15.2) + NOTE: Follow-up: https://gitlab.gnome.org/GNOME/libxml2/-/commit/096402c942e9d9a049f283eb4e6da431289900e1 (v2.15.2) + NOTE: Tests: https://gitlab.gnome.org/GNOME/libxml2/-/commit/f14c733327f163b49a632f03d05a58c119ed7e57 (v2.15.2) CVE-2026-0990 (A flaw was found in libxml2, an XML parsing library. This uncontrolled ...) - libxml2 2.15.2+dfsg-0.1 (bug #1125695) [trixie] - libxml2 <no-dsa> (Minor issue) @@ -76058,7 +76064,9 @@ CVE-2026-0990 (A flaw was found in libxml2, an XML parsing library. This uncontr [bullseye] - libxml2 <postponed> (Minor issue, DoS) NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/1018 NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/1961208e958ca22f80a0b4e4c9d71cfa050aa982 + NOTE: Tests: https://gitlab.gnome.org/GNOME/libxml2/-/commit/f8399e62a31095bf1ced01827c33f9b29494046f NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/ac6f0fde1476c41f59ad0c68ada3394599ebf2ae (v2.15.2) + NOTE: Tests: https://gitlab.gnome.org/GNOME/libxml2/-/commit/f14c733327f163b49a632f03d05a58c119ed7e57 (v2.15.2) CVE-2026-0989 (A flaw was identified in the RelaxNG parser of libxml2 related to how ...) - libxml2 2.15.2+dfsg-0.1 (bug #1125691) [trixie] - libxml2 <no-dsa> (Minor issue) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/fd7c034bb2b7d1187eb6577530dda262bac0cf33...420abe4e44d8d3c74bcc2f36d32973025c39271f -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/fd7c034bb2b7d1187eb6577530dda262bac0cf33...420abe4e44d8d3c74bcc2f36d32973025c39271f You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
