-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 27 Jul 2025 01:15:48 +0200
Source: libxml2
Architecture: source
Version: 2.9.14+dfsg-1.3~deb12u3
Distribution: bookworm
Urgency: high
Maintainer: Debian XML/SGML Group <debian-xml-sgml-pkgs@lists.alioth.debian.org>
Changed-By: Guilhem Moulin <guilhem@debian.org>
Closes: 1107720 1107752 1107755 1107938
Changes:
 libxml2 (2.9.14+dfsg-1.3~deb12u3) bookworm; urgency=high
 .
   * Non-maintainer upload.
   * Fix CVE-2025-6021: Integer overflow issue in xmlBuildQName. (Closes:
     #1107720).
   * Fix CVE-2025-6170: Potential buffer overflows in the interactive shell
     (Closes: #1107938).
   * Fix CVE-2025-49794: Use-after-free issue in xmlSchematronReportOutput
     (Closes: #1107755).
   * Fix CVE-2025-49796: Type confusion issue in xmlSchematronReportOutput
     (Closes: #1107752).
Checksums-Sha1:
 19d5553d787c8f0faf13984d22c18df210dfccd7 2955 libxml2_2.9.14+dfsg-1.3~deb12u3.dsc
 ea717ef9e0269d369c57108bfc42ef3fac3e1b19 42204 libxml2_2.9.14+dfsg-1.3~deb12u3.debian.tar.xz
 fc7fd32aa5db19254bfb5903e8f41e9ee6181142 9943 libxml2_2.9.14+dfsg-1.3~deb12u3_amd64.buildinfo
Checksums-Sha256:
 ab2a7f540f3a809f792843b314a9226b73fa44053b738cd0207fe2ea83612c61 2955 libxml2_2.9.14+dfsg-1.3~deb12u3.dsc
 574cd2c7eef5244e4d8f8ff9b79e90ee2dee314dcb994b8496edd1176e43cf53 42204 libxml2_2.9.14+dfsg-1.3~deb12u3.debian.tar.xz
 7a0abe5d94fb61fc94b8b9041be920e4722e9306a5a2b5d9f8e3bfa641318c32 9943 libxml2_2.9.14+dfsg-1.3~deb12u3_amd64.buildinfo
Files:
 12a7c054605136f8e814a48f422b3f5f 2955 libs optional libxml2_2.9.14+dfsg-1.3~deb12u3.dsc
 1f6535ec221592d507fa14d7b98694d2 42204 libs optional libxml2_2.9.14+dfsg-1.3~deb12u3.debian.tar.xz
 07472d2097a95af85efc5696c30f89d6 9943 libs optional libxml2_2.9.14+dfsg-1.3~deb12u3_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEERpy6p3b9sfzUdbME05pJnDwhpVIFAmiFYh4ACgkQ05pJnDwh
pVKk1BAApu/QUYZLbAfmwe9hLO70ahYctUvlYcSIHHu5+qVkLXdbV2qcjZbGeXil
STw1nnlBxGMsuL2lfusjsWX9904Qd/ONz5fCn7uavel+G0ewVQOHNI1tdMiddK9g
otJfgJM9xZ4n3DhkJAQvyKrJ3SYkKZ13JV8PXqN0Ay2y4+CXsuNOmhbZ0jEme+U0
L7hzPQjQU9BlgucWXqbWZTDZUiRIoSnRY2N/d7/TidHW8UyJ8QTAGCF/KVkRzGsH
Qd4IA0IdCBd2CiQhoHenRiIyESHLjnYlD22Yhh8VUL/rr0cYodO8ROrpisHOFc6O
8w3sWYwQGJ1k8Cm9oyrMRtPloxDdhoQRX6CA9iTuI0MO1Bo9lKrQ2+KloXO06MrR
QzlpneWxXAqXxafSP3hmKrUMv5er/qrYvQHydLUwFyPGAvGeJFEnmy9/myi33DN+
AJ/DrMaqPEOvEB4QLN4lip4hSigENWlj3gBfl9j1h08pzhERK5c83wKUugVvOa3R
OxFAuM2/19rfEoeZz/0W87NiA30cTybvSrzJnFeEsHhsN7RCA17oQ7Qy7fyQ3M7S
5matXC1eHPniBRspyygejytnkQ2F+pZcowXK50dTCtj68hiRWMkbXFCYj7aFy6+L
dyf1z7Ycj5/m2nAwP8femtxASwf4xJBh7tRxqbkYZHAxxs8LvsU=
=cM8N
-----END PGP SIGNATURE-----