Source: libxml2.9
Version: 2.12.7+dfsg+really2.9.14-1
Severity: important
Tags: security upstream
Forwarded: https://gitlab.gnome.org/GNOME/libxml2/-/issues/926
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Control: found -1 2.9.14+dfsg-1.3~deb12u1

Hi,

The following vulnerability was published for libxml2.

CVE-2025-6021[0]:
| A flaw was found in libxml2's xmlBuildQName function, where integer
| overflows in buffer size calculations can lead to a stack-based
| buffer overflow. This issue can result in memory corruption or a
| denial of service when processing crafted input.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-6021
    https://www.cve.org/CVERecord?id=CVE-2025-6021
[1] https://gitlab.gnome.org/GNOME/libxml2/-/issues/926
[2] https://gitlab.gnome.org/GNOME/libxml2/-/commit/ad346c9a249c4b380bf73c460ad3e81135c5d781

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
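
The bug class named in the CVE description, as an added example that is not part of the original report and is not libxml2's code: a buffer size sum that wraps in a narrow integer type, beside an overflow-checked version that rejects the request before any copy. The function names, the 32-bit width and the sample strings are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Narrow size arithmetic (assumed 32-bit for illustration): the sum wraps
 * modulo 2^32, so an oversized request can appear to fit a small buffer. */
static uint32_t qname_size_narrow(uint32_t lenp, uint32_t lenn)
{
    return lenp + lenn + 2u;            /* ':' separator plus NUL */
}

/* Checked size: returns 0 and stores the total, or -1 if it would overflow. */
static int qname_size_checked(size_t lenp, size_t lenn, size_t *out)
{
    if (lenp > SIZE_MAX - 2u || lenn > SIZE_MAX - 2u - lenp)
        return -1;
    *out = lenp + lenn + 2u;
    return 0;
}

/* Hypothetical helper: write "prefix:local" into buf (buflen bytes).
 * Returns 0 on success, -1 if the size overflows or does not fit. */
static int qname_join(const char *prefix, size_t lenp,
                      const char *local, size_t lenn,
                      char *buf, size_t buflen)
{
    size_t need;

    if (qname_size_checked(lenp, lenn, &need) != 0 || need > buflen)
        return -1;                      /* reject before any copy */
    memcpy(buf, prefix, lenp);
    buf[lenp] = ':';
    memcpy(buf + lenp + 1, local, lenn);
    buf[lenp + 1 + lenn] = '\0';
    return 0;
}

int main(void)
{
    char buf[16];                       /* constructed sample input below */

    printf("narrow size: %u\n", (unsigned)qname_size_narrow(0xFFFFFFF0u, 0x20u));
    if (qname_join("svg", 3, "rect", 4, buf, sizeof buf) == 0)
        printf("joined: %s\n", buf);
    printf("oversized: %d\n", qname_join("a", SIZE_MAX - 1, "b", 8, buf, sizeof buf));
    return 0;
}
```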