-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 07 Jun 2026 17:53:53 +0200
Source: libxml2
Binary: libxml2 libxml2-dbgsym libxml2-dev libxml2-utils libxml2-utils-dbgsym python3-libxml2 python3-libxml2-dbgsym
Architecture: ppc64el
Version: 2.9.14+dfsg-1.3~deb12u6
Distribution: bookworm
Urgency: high
Maintainer: ppc64el Build Daemon (ppc64el-conova-02) <buildd_ppc64el-ppc64el-conova-02@buildd.debian.org>
Changed-By: Guilhem Moulin <guilhem@debian.org>
Description:
 libxml2    - GNOME XML library
 libxml2-dev - GNOME XML library - development files
 libxml2-utils - GNOME XML library - utilities
 python3-libxml2 - GNOME XML library - Python3 bindings
Closes: 1125691 1125695 1125696
Changes:
 libxml2 (2.9.14+dfsg-1.3~deb12u6) bookworm; urgency=high
 .
   * Non-maintainer upload.
   * Fix CVE-2026-0989: Specially crafted or overly complex schemas can cause
     excessive recursion during parsing, which may lead to stack exhaustion and
     application crashes. The parser now enforces a limit on inclusion depth
     when resolving nested `<include>` directives; the limit defaults to 1000
     and can be modified at runtime with the env variable `RNG_INCLUDE_LIMIT`.
     (Closes: #1125691)
   * Fix CVE-2026-0990: `xmlCatalogXMLResolveURI()` will recurse infinitely if
     a catalog has a URI delegate referencing itself, eventually resulting in a
     call stack overflow. (Closes: #1125695)
   * Fix CVE-2026-0992: Denial of Service vulnerability due to uncontrolled
     resource consumption when processing XML catalogs containing repeated
     `<nextCatalog>` elements pointing to the same downstream catalog.
     (Closes: #1125696)
   * Fix CVE-2025-8732: When a catalog file contains a CATALOG directive
     pointing to itself, `xmlExpandCatalog()` and `xmlParseSGMLCatalog()`
     recursively call each other without bounds until stack overflow.
   * Fix CVE-2026-1757: Memory leak issue in the command parsing logic of the
     xmllint interactive shell.
   * Fix unit tests for CVE-2025-49794 and -49796.
   * Backport some more upstream changes from v2.15.2:
     + Fix memory leak of prefix in `xmlTextWriterStartElementNS()`.
     + Mitigate use-after-free issue in `xmlRelaxNGValidateValue()`.
     + Fix memory leak in `xmlTextWriterStartAttributeNS()`.
     + Schematron: Fix additional memory leaks on error paths.
     + Catalog: Fix stack overflow from self-referencing SGML CATALOG entries.
Checksums-Sha1:
 38e1b9e4172717c0c0437f67e8a41f12cabb8808 1960948 libxml2-dbgsym_2.9.14+dfsg-1.3~deb12u6_ppc64el.deb
 4f6e605534eb865ae4e1272e62fe86782c059bcb 857600 libxml2-dev_2.9.14+dfsg-1.3~deb12u6_ppc64el.deb
 1ebfb700fb93d96f7fcd6f40508943041aa3bad9 80456 libxml2-utils-dbgsym_2.9.14+dfsg-1.3~deb12u6_ppc64el.deb
 79f4ec9daea536d3d2beccabadb80c94d92a4ae0 101620 libxml2-utils_2.9.14+dfsg-1.3~deb12u6_ppc64el.deb
 7606335e63e01db3bcaa38c1db5691056def83a7 9255 libxml2_2.9.14+dfsg-1.3~deb12u6_ppc64el-buildd.buildinfo
 7fdc81c58f78385c9333672eef89c0812deee91d 725900 libxml2_2.9.14+dfsg-1.3~deb12u6_ppc64el.deb
 c095ffd2ed4da85820054401e88b0147e62a4443 252952 python3-libxml2-dbgsym_2.9.14+dfsg-1.3~deb12u6_ppc64el.deb
 8e199f1aa08cd10814545b86abe46570ba4a5467 189912 python3-libxml2_2.9.14+dfsg-1.3~deb12u6_ppc64el.deb
Checksums-Sha256:
 35fa6746824f4e19f277ea3b2b41d6e0bf9755fa868d8b58598d42910402c9d6 1960948 libxml2-dbgsym_2.9.14+dfsg-1.3~deb12u6_ppc64el.deb
 7dab2243badcd21a6b1166856cdc7a85b8ff91bc850f2ad62a1ce778e6ea0883 857600 libxml2-dev_2.9.14+dfsg-1.3~deb12u6_ppc64el.deb
 a2d50e0bb8c5d9bc1646edb6522777a4e7c7ddbd0275a98c8bd080c651975263 80456 libxml2-utils-dbgsym_2.9.14+dfsg-1.3~deb12u6_ppc64el.deb
 0d922b39270fb891418baa7069bb3ae13d5128daec7a1101b9cfb6a12b7e5244 101620 libxml2-utils_2.9.14+dfsg-1.3~deb12u6_ppc64el.deb
 1f6200cdeb921cbee59ff082b1c7cedee8359021659c742dd97c3fe388194a72 9255 libxml2_2.9.14+dfsg-1.3~deb12u6_ppc64el-buildd.buildinfo
 d75cbfb8a12d398d83c84e90cbc9fcac01deb9e49f35e24de2a773116e8cb64c 725900 libxml2_2.9.14+dfsg-1.3~deb12u6_ppc64el.deb
 4d2f98b5e982036eace2cd1c9c31819f8da32f21cade9419f570f14a386b8cad 252952 python3-libxml2-dbgsym_2.9.14+dfsg-1.3~deb12u6_ppc64el.deb
 f65962b9b2bb7f9484c930afea8142132843054cdf7ac85eeec79684433be429 189912 python3-libxml2_2.9.14+dfsg-1.3~deb12u6_ppc64el.deb
Files:
 4f6ba24c76125321924caa25f4743aba 1960948 debug optional libxml2-dbgsym_2.9.14+dfsg-1.3~deb12u6_ppc64el.deb
 c0645abb32dd3bdd378a2d7f69d962a1 857600 libdevel optional libxml2-dev_2.9.14+dfsg-1.3~deb12u6_ppc64el.deb
 c054fbb00d7b6afab6b06fbab7ff5e00 80456 debug optional libxml2-utils-dbgsym_2.9.14+dfsg-1.3~deb12u6_ppc64el.deb
 21791699203a4be6dbe917695897f2dd 101620 text optional libxml2-utils_2.9.14+dfsg-1.3~deb12u6_ppc64el.deb
 0dbea02bd9abc931472dc88f4a30b5d3 9255 libs optional libxml2_2.9.14+dfsg-1.3~deb12u6_ppc64el-buildd.buildinfo
 1cc134c10c88549b00796a8d06370afe 725900 libs optional libxml2_2.9.14+dfsg-1.3~deb12u6_ppc64el.deb
 21dc9353576bed44954f69e4d510b37a 252952 debug optional python3-libxml2-dbgsym_2.9.14+dfsg-1.3~deb12u6_ppc64el.deb
 4a3cd9777364db89f9f2e3eb7713e750 189912 python optional python3-libxml2_2.9.14+dfsg-1.3~deb12u6_ppc64el.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEySUEQfg5pZeb/U372FRWNm40e2YFAmooab4ACgkQ2FRWNm40
e2YV5w//ekzju+clZSDJ12ujTPeS4aIF78WG5KJ+TOd5+eZC9yr48tUmGuOpNV6X
KIhTgyoDPPlMyy7Mvj6EwJKC6GfzjrzfYPPXi5VAEusK5hVi9pVjiK3n97+ICTMy
eEbsuqY0SNUohtIh7kK4Ps/VcNcMnJ4nQk1vZqM/t7xUh3RIxO+StGi+oSZQOJ+D
c5nj8dHzYuui6a5bZTsAvZTtVlinK4a9oTY7uRTSpCRFBkXulW2mttOmQCiuwsXx
fxiSL8GMvNdkKIPDMSsW8+eVwQExO97nu24PhhKQ1HxUMZclCQTA9x2WlD0MQYqb
xvt/97Uqm4tQj6+a+cvRbOwDQX7tKJDSvtQcfEhxDWPzXZwv74XIsooMLxAm8XeM
AjmaVJWZToAKuPwFHUTa06bp+xxFBFKLPHz54iU/eC2JQnFuEnbCtfQiJyeBnttQ
GBVeN5uO6NAMxpFB3D1gXD5dbHpOI2kDXp39AN/YtaB1BRr9yJlxFm61z1dMBO3S
zALCHhJCoZ46bilByvaa7HqOrMd+NE8vbF58HmnhRZ2Q8to9GFbFBWMQ3wAKzjad
l5R2DkdYy/5++IEfOkcB0YU/zMaGLxZ1qdZJQ/GjSmY8wa8wUDtBZLv91sO/2JRZ
SZotJQw1aEfoRd/ZL/yzk4jkDr1c0HaDI0qvpfSd9qBImXppkhA=
=P80s
-----END PGP SIGNATURE-----