Guilhem Moulin pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
761b1688 by Guilhem Moulin at 2026-06-08T10:58:56+02:00
Reserve DLA-4622-1 for libxml2
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -76720,7 +76720,6 @@ CVE-2026-0992 (A flaw was found in the libxml2 library.
This uncontrolled resour
- libxml2 2.15.2+dfsg-0.1 (bug #1125696)
[trixie] - libxml2 <no-dsa> (Minor issue)
[bookworm] - libxml2 <no-dsa> (Minor issue)
- [bullseye] - libxml2 <postponed> (Minor issue, DoS)
NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/1019
NOTE: Fixed by:
https://gitlab.gnome.org/GNOME/libxml2/-/commit/f75abfcaa419a740a3191e56c60400f3ff18988d
NOTE: Follow-up:
https://gitlab.gnome.org/GNOME/libxml2/-/commit/deed3b7873dff30b7f87f7f33154c9932a772522
@@ -76732,7 +76731,6 @@ CVE-2026-0990 (A flaw was found in libxml2, an XML
parsing library. This uncontr
- libxml2 2.15.2+dfsg-0.1 (bug #1125695)
[trixie] - libxml2 <no-dsa> (Minor issue)
[bookworm] - libxml2 <no-dsa> (Minor issue)
- [bullseye] - libxml2 <postponed> (Minor issue, DoS)
NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/1018
NOTE: Fixed by:
https://gitlab.gnome.org/GNOME/libxml2/-/commit/1961208e958ca22f80a0b4e4c9d71cfa050aa982
NOTE: Tests:
https://gitlab.gnome.org/GNOME/libxml2/-/commit/f8399e62a31095bf1ced01827c33f9b29494046f
@@ -76742,7 +76740,6 @@ CVE-2026-0989 (A flaw was identified in the RelaxNG
parser of libxml2 related to
- libxml2 2.15.2+dfsg-0.1 (bug #1125691)
[trixie] - libxml2 <no-dsa> (Minor issue)
[bookworm] - libxml2 <no-dsa> (Minor issue)
- [bullseye] - libxml2 <postponed> (Minor issue, DoS)
NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/998
NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/merge_requests/374
NOTE: Fixed by:
https://gitlab.gnome.org/GNOME/libxml2/-/commit/66c52b3ac6c32ab112ec2a3bf41e6c30948be113
(v2.15.2)
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[08 Jun 2026] DLA-4622-1 libxml2 - security update
+ {CVE-2025-8732 CVE-2026-0989 CVE-2026-0990 CVE-2026-0992 CVE-2026-1757}
+ [bullseye] - libxml2 2.9.10+dfsg-6.7+deb11u10
[08 Jun 2026] DLA-4621-1 glibc - security update
{CVE-2025-8058 CVE-2025-15281 CVE-2026-0861 CVE-2026-0915 CVE-2026-4046}
[bullseye] - glibc 2.31-13+deb11u14
=====================================
data/dla-needed.txt
=====================================
@@ -309,10 +309,6 @@ libtext-csv-xs-perl/bullseye
NOTE: 20260519: Added by Front-Desk (Beuc)
NOTE: 20260519: Follow trixie 13.5 (1 CVE) (Beuc/front-desk)
--
-libxml2/bullseye (guilhem)
- NOTE: 20260519: Added by Front-Desk (Beuc)
- NOTE: 20260519: CVE-2026-6732 looks serious, also fixed postponed CVEs
(Beuc/front-desk)
---
libxmltok/bullseye
NOTE: 20250421: Added by Front-Desk (ta)
NOTE: 20250421: Also review all other expat CVEs. (bunk)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/761b1688c4f2064913b140bb016f2707d9f7c0c4
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/761b1688c4f2064913b140bb016f2707d9f7c0c4
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
