Package: libxml2 | Debian Sources

Package: libxml2 / 2.9.14+dfsg-1.3~deb12u2

Metadata

Package	Version	Patches format
libxml2	2.9.14+dfsg-1.3~deb12u2	3.0 (quilt)

Patch series

view the series file

Patch	File delta	Description
install html.patch \| (download)	doc/Makefile.am \| 48 47 + 1 - 0 ! 1 file changed, 47 insertions(+), 1 deletion(-)	install all the html docs The relevant makefile target was never updated since 2004.. Should probably look for a nicer way to do this than the current list before forwarding.
xml2 config fix.patch \| (download)	xml2-config.in \| 16 2 + 14 - 0 ! 1 file changed, 2 insertions(+), 14 deletions(-)	display dynamic linking information with --libs, not static Don't bother about keeping support for the static variant, it's not needed in debian directly.
python3 unicode errors.patch \| (download)	python/libxml.c \| 11 10 + 1 - 0 ! 1 file changed, 10 insertions(+), 1 deletion(-)	---
CVE 2022 40303 Fix integer overflows with XML_PARSE_.patch \| (download)	parser.c \| 233 121 + 112 - 0 ! 1 file changed, 121 insertions(+), 112 deletions(-)	[cve-2022-40303] fix integer overflows with xml_parse_huge
CVE 2022 40304 Fix dict corruption caused by entity .patch \| (download)	entities.c \| 55 16 + 39 - 0 ! 1 file changed, 16 insertions(+), 39 deletions(-)	[cve-2022-40304] fix dict corruption caused by entity reference cycles
schemas Fix null pointer deref in xmlSchemaCheckCOSS.patch \| (download)	result/schemas/oss-fuzz-51295_0_0.err \| 2 2 + 0 - 0 ! test/schemas/oss-fuzz-51295_0.xml \| 1 1 + 0 - 0 ! test/schemas/oss-fuzz-51295_0.xsd \| 4 4 + 0 - 0 ! xmlschemas.c \| 15 13 + 2 - 0 ! 4 files changed, 20 insertions(+), 2 deletions(-)	schemas: fix null-pointer-deref in xmlschemacheckcosstderivedok
CVE 2023 28484 Fix null deref in xmlSchemaFixupCompl.patch \| (download)	result/schemas/issue491_0_0.err \| 1 1 + 0 - 0 ! test/schemas/issue491_0.xml \| 1 1 + 0 - 0 ! test/schemas/issue491_0.xsd \| 18 18 + 0 - 0 ! xmlschemas.c \| 2 1 + 1 - 0 ! 4 files changed, 21 insertions(+), 1 deletion(-)	[cve-2023-28484] fix null deref in xmlschemafixupcomplextype
CVE 2023 29469 Hashing of empty dict strings isn t d.patch \| (download)	dict.c \| 3 2 + 1 - 0 ! 1 file changed, 2 insertions(+), 1 deletion(-)	[cve-2023-29469] hashing of empty dict strings isn't deterministic
Reset nsNr in xmlCtxtReset.patch \| (download)	parser.c \| 2 2 + 0 - 0 ! 1 file changed, 2 insertions(+)	reset nsnr in xmlctxtreset
Also reset nsNr in htmlCtxtReset.patch \| (download)	HTMLparser.c \| 2 2 + 0 - 0 ! 1 file changed, 2 insertions(+)	also reset nsnr in htmlctxtreset
CVE 2022 49043.patch \| (download)	xinclude.c \| 3 2 + 1 - 0 ! 1 file changed, 2 insertions(+), 1 deletion(-)	[patch] malloc-fail: fix use-after-free in xmlxincludeaddnode Found with libFuzzer, see #344.
CVE 2024 34459.patch \| (download)	xmllint.c \| 2 1 + 1 - 0 ! 1 file changed, 1 insertion(+), 1 deletion(-)	[patch] [cve-2024-34459] fix buffer overread with `xmllint --htmlout` Add a missing bounds check.
CVE 2024 56171.patch \| (download)	xmlschemas.c \| 3 3 + 0 - 0 ! 1 file changed, 3 insertions(+)	[patch] [cve-2024-56171] fix use-after-free after xmlSchemaItemListAdd xmlSchemaItemListAdd can reallocate the items array. Update local variables after adding item in - xmlSchemaIDCFillNodeTables - xmlSchemaBubbleIDCNodeTables Fixes #828.
CVE 2025 24928 pre1.patch \| (download)	valid.c \| 3 2 + 1 - 0 ! 1 file changed, 2 insertions(+), 1 deletion(-)	[patch] valid: check for null node->name in xmlsnprintfelements Unfortunately, we can have NULL element names if xmlSetTreeDoc fails.
CVE 2025 24928.patch \| (download)	valid.c \| 22 11 + 11 - 0 ! 1 file changed, 11 insertions(+), 11 deletions(-)	[patch] [cve-2025-24928] fix stack-buffer-overflow in xmlSnprintfElements Fixes #847.
CVE 2025 27113.patch \| (download)	pattern.c \| 4 2 + 2 - 0 ! 1 file changed, 2 insertions(+), 2 deletions(-)	[patch] pattern: fix compilation of explicit child axis The child axis is the default axis and should generate XML_OP_ELEM like the case without an axis.
CVE 2023 39615_1.patch \| (download)	parser.c \| 2 0 + 2 - 0 ! 1 file changed, 2 deletions(-)	[patch] parser: fix old sax1 parser with custom callbacks For some reason, xmlCtxtUseOptionsInternal set the start and end element SAX handlers to the internal DOM builder functions when XML_PARSE_SAX1 was specified. This means that custom SAX handlers could never work with that flag because these functions would receive the wrong user data argument and crash immediately. Fixes #535.
CVE 2023 39615_2.patch \| (download)	SAX2.c \| 11 7 + 4 - 0 ! parser.c \| 5 1 + 4 - 0 ! 2 files changed, 8 insertions(+), 8 deletions(-)	[patch] sax: always initialize sax1 element handlers Follow-up to commit d0c3f01e. A parser context will be initialized to SAX version 2, but this can be overridden with XML_PARSE_SAX1 later, so we must initialize the SAX1 element handlers as well. Change the check in xmlDetectSAX2 to only look for XML_SAX2_MAGIC, so we don't switch to SAX1 if the SAX2 element handlers are NULL.
CVE 2023 45322.patch \| (download)	tree.c \| 7 5 + 2 - 0 ! 1 file changed, 5 insertions(+), 2 deletions(-)	[patch] tree: fix #583 again Only set doc->intSubset after successful copy to avoid dangling pointers in error case.
CVE 2024 25062.patch \| (download)	xmlreader.c \| 1 1 + 0 - 0 ! 1 file changed, 1 insertion(+)	[patch] [cve-2024-25062] xmlreader: don't expand xincludes when backtracking Fixes a use-after-free if XML Reader if used with DTD validation and XInclude expansion. Fixes #604.
CVE 2025 32414 bug 889 v2.10.4 and below.patch \| (download)	python/libxml.c \| 28 18 + 10 - 0 ! 1 file changed, 18 insertions(+), 10 deletions(-)	---
CVE 2025 32415.patch \| (download)	xmlschemas.c \| 4 2 + 2 - 0 ! 1 file changed, 2 insertions(+), 2 deletions(-)	[patch] [cve-2025-32415] schemas: fix heap buffer overflow in xmlSchemaIDCFillNodeTables Don't use local variable which could contain a stale value. Fixes #890.

Patch	File delta	Description
install html.patch \| (download)	doc/Makefile.am \| 48 47 + 1 - 0 ! 1 file changed, 47 insertions(+), 1 deletion(-)	install all the html docs The relevant makefile target was never updated since 2004.. Should probably look for a nicer way to do this than the current list before forwarding.
xml2 config fix.patch \| (download)	xml2-config.in \| 16 2 + 14 - 0 ! 1 file changed, 2 insertions(+), 14 deletions(-)	display dynamic linking information with --libs, not static Don't bother about keeping support for the static variant, it's not needed in debian directly.
python3 unicode errors.patch \| (download)	python/libxml.c \| 11 10 + 1 - 0 ! 1 file changed, 10 insertions(+), 1 deletion(-)	---
CVE 2022 40303 Fix integer overflows with XML_PARSE_.patch \| (download)	parser.c \| 233 121 + 112 - 0 ! 1 file changed, 121 insertions(+), 112 deletions(-)	[cve-2022-40303] fix integer overflows with xml_parse_huge
CVE 2022 40304 Fix dict corruption caused by entity .patch \| (download)	entities.c \| 55 16 + 39 - 0 ! 1 file changed, 16 insertions(+), 39 deletions(-)	[cve-2022-40304] fix dict corruption caused by entity reference cycles
schemas Fix null pointer deref in xmlSchemaCheckCOSS.patch \| (download)	result/schemas/oss-fuzz-51295_0_0.err \| 2 2 + 0 - 0 ! test/schemas/oss-fuzz-51295_0.xml \| 1 1 + 0 - 0 ! test/schemas/oss-fuzz-51295_0.xsd \| 4 4 + 0 - 0 ! xmlschemas.c \| 15 13 + 2 - 0 ! 4 files changed, 20 insertions(+), 2 deletions(-)	schemas: fix null-pointer-deref in xmlschemacheckcosstderivedok
CVE 2023 28484 Fix null deref in xmlSchemaFixupCompl.patch \| (download)	result/schemas/issue491_0_0.err \| 1 1 + 0 - 0 ! test/schemas/issue491_0.xml \| 1 1 + 0 - 0 ! test/schemas/issue491_0.xsd \| 18 18 + 0 - 0 ! xmlschemas.c \| 2 1 + 1 - 0 ! 4 files changed, 21 insertions(+), 1 deletion(-)	[cve-2023-28484] fix null deref in xmlschemafixupcomplextype
CVE 2023 29469 Hashing of empty dict strings isn t d.patch \| (download)	dict.c \| 3 2 + 1 - 0 ! 1 file changed, 2 insertions(+), 1 deletion(-)	[cve-2023-29469] hashing of empty dict strings isn't deterministic
Reset nsNr in xmlCtxtReset.patch \| (download)	parser.c \| 2 2 + 0 - 0 ! 1 file changed, 2 insertions(+)	reset nsnr in xmlctxtreset
Also reset nsNr in htmlCtxtReset.patch \| (download)	HTMLparser.c \| 2 2 + 0 - 0 ! 1 file changed, 2 insertions(+)	also reset nsnr in htmlctxtreset
CVE 2022 49043.patch \| (download)	xinclude.c \| 3 2 + 1 - 0 ! 1 file changed, 2 insertions(+), 1 deletion(-)	[patch] malloc-fail: fix use-after-free in xmlxincludeaddnode Found with libFuzzer, see #344.
CVE 2024 34459.patch \| (download)	xmllint.c \| 2 1 + 1 - 0 ! 1 file changed, 1 insertion(+), 1 deletion(-)	[patch] [cve-2024-34459] fix buffer overread with `xmllint --htmlout` Add a missing bounds check.
CVE 2024 56171.patch \| (download)	xmlschemas.c \| 3 3 + 0 - 0 ! 1 file changed, 3 insertions(+)	[patch] [cve-2024-56171] fix use-after-free after xmlSchemaItemListAdd xmlSchemaItemListAdd can reallocate the items array. Update local variables after adding item in - xmlSchemaIDCFillNodeTables - xmlSchemaBubbleIDCNodeTables Fixes #828.
CVE 2025 24928 pre1.patch \| (download)	valid.c \| 3 2 + 1 - 0 ! 1 file changed, 2 insertions(+), 1 deletion(-)	[patch] valid: check for null node->name in xmlsnprintfelements Unfortunately, we can have NULL element names if xmlSetTreeDoc fails.
CVE 2025 24928.patch \| (download)	valid.c \| 22 11 + 11 - 0 ! 1 file changed, 11 insertions(+), 11 deletions(-)	[patch] [cve-2025-24928] fix stack-buffer-overflow in xmlSnprintfElements Fixes #847.
CVE 2025 27113.patch \| (download)	pattern.c \| 4 2 + 2 - 0 ! 1 file changed, 2 insertions(+), 2 deletions(-)	[patch] pattern: fix compilation of explicit child axis The child axis is the default axis and should generate XML_OP_ELEM like the case without an axis.
CVE 2023 39615_1.patch \| (download)	parser.c \| 2 0 + 2 - 0 ! 1 file changed, 2 deletions(-)	[patch] parser: fix old sax1 parser with custom callbacks For some reason, xmlCtxtUseOptionsInternal set the start and end element SAX handlers to the internal DOM builder functions when XML_PARSE_SAX1 was specified. This means that custom SAX handlers could never work with that flag because these functions would receive the wrong user data argument and crash immediately. Fixes #535.
CVE 2023 39615_2.patch \| (download)	SAX2.c \| 11 7 + 4 - 0 ! parser.c \| 5 1 + 4 - 0 ! 2 files changed, 8 insertions(+), 8 deletions(-)	[patch] sax: always initialize sax1 element handlers Follow-up to commit d0c3f01e. A parser context will be initialized to SAX version 2, but this can be overridden with XML_PARSE_SAX1 later, so we must initialize the SAX1 element handlers as well. Change the check in xmlDetectSAX2 to only look for XML_SAX2_MAGIC, so we don't switch to SAX1 if the SAX2 element handlers are NULL.
CVE 2023 45322.patch \| (download)	tree.c \| 7 5 + 2 - 0 ! 1 file changed, 5 insertions(+), 2 deletions(-)	[patch] tree: fix #583 again Only set doc->intSubset after successful copy to avoid dangling pointers in error case.
CVE 2024 25062.patch \| (download)	xmlreader.c \| 1 1 + 0 - 0 ! 1 file changed, 1 insertion(+)	[patch] [cve-2024-25062] xmlreader: don't expand xincludes when backtracking Fixes a use-after-free if XML Reader if used with DTD validation and XInclude expansion. Fixes #604.
CVE 2025 32414 bug 889 v2.10.4 and below.patch \| (download)	python/libxml.c \| 28 18 + 10 - 0 ! 1 file changed, 18 insertions(+), 10 deletions(-)	---
CVE 2025 32415.patch \| (download)	xmlschemas.c \| 4 2 + 2 - 0 ! 1 file changed, 2 insertions(+), 2 deletions(-)	[patch] [cve-2025-32415] schemas: fix heap buffer overflow in xmlSchemaIDCFillNodeTables Don't use local variable which could contain a stale value. Fixes #890.