-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 25 Aug 2025 19:38:04 +0800 Source: libxml2 Binary: libxml2 libxml2-dbgsym libxml2-dev libxml2-utils libxml2-utils-dbgsym python3-libxml2 python3-libxml2-dbgsym Architecture: amd64 Version: 2.12.7+dfsg+really2.9.14-2.1+deb13u1 Distribution: trixie-security Urgency: high Maintainer: amd64 / i386 Build Daemon (x86-ubc-01) Changed-By: Aron Xu Description: libxml2 - GNOME XML library libxml2-dev - GNOME XML library - development files libxml2-utils - GNOME XML library - utilities python3-libxml2 - GNOME XML library - Python3 bindings Closes: 1109122 Changes: libxml2 (2.12.7+dfsg+really2.9.14-2.1+deb13u1) trixie-security; urgency=high . * CVE-2025-7425: heap-use-after-free in xmlFreeID caused by `atype` corruption (Closes: #1109122) Checksums-Sha1: 3e03c9eefba2adcf315a715ef39476e25bac7785 1893748 libxml2-dbgsym_2.12.7+dfsg+really2.9.14-2.1+deb13u1_amd64.deb 572ef1fd0da66e56bdd436996255a52ac102dfb4 793272 libxml2-dev_2.12.7+dfsg+really2.9.14-2.1+deb13u1_amd64.deb d7353a89548e2aa7d8806f712ffd9037ba32575f 77700 libxml2-utils-dbgsym_2.12.7+dfsg+really2.9.14-2.1+deb13u1_amd64.deb 54ee30645f9dce344532776dbf5b7c1fa911ea93 100332 libxml2-utils_2.12.7+dfsg+really2.9.14-2.1+deb13u1_amd64.deb d55d49145187bea045fbb808d442c167c81e53f4 9158 libxml2_2.12.7+dfsg+really2.9.14-2.1+deb13u1_amd64-buildd.buildinfo c132d2a2f4d804158ef75c9905de00e2f4a9d8c0 698060 libxml2_2.12.7+dfsg+really2.9.14-2.1+deb13u1_amd64.deb 5ca2a478deb098cb456e80e595c07cf23fc93956 232080 python3-libxml2-dbgsym_2.12.7+dfsg+really2.9.14-2.1+deb13u1_amd64.deb 7cd2bbcae0cb4cfb3232ad55a38de4a58d30a608 189728 python3-libxml2_2.12.7+dfsg+really2.9.14-2.1+deb13u1_amd64.deb Checksums-Sha256: e8985d950eb27492eddcf0795a64ef2a44e913b96dfb15bfcb6069bc51f7ddd1 1893748 libxml2-dbgsym_2.12.7+dfsg+really2.9.14-2.1+deb13u1_amd64.deb 842e07476d0093b9c1ebdc16d1efa093cf9934c9f88cda26a2e33b982deb48df 793272 libxml2-dev_2.12.7+dfsg+really2.9.14-2.1+deb13u1_amd64.deb e0c91f2e1ac8f1a0c74e966f537e431472f14b2ace55020f29d549c6bd33649c 77700 libxml2-utils-dbgsym_2.12.7+dfsg+really2.9.14-2.1+deb13u1_amd64.deb c8dfd86a9fb25de95728b3da0696c2664350fe597fa1fea981ef6233e60929f8 100332 libxml2-utils_2.12.7+dfsg+really2.9.14-2.1+deb13u1_amd64.deb 633651707fb42905fe28ad1c77a4dd2abf45baecfcda0a622d47e471af8eda5f 9158 libxml2_2.12.7+dfsg+really2.9.14-2.1+deb13u1_amd64-buildd.buildinfo b4743a0fd8e86379ec2bdfb6b97b99fb1c92a925e538920052316814470e99f8 698060 libxml2_2.12.7+dfsg+really2.9.14-2.1+deb13u1_amd64.deb d13732f2d3a07017ef9185d19b8a07c115bd3ffc082fb110384a1ada09ff19c2 232080 python3-libxml2-dbgsym_2.12.7+dfsg+really2.9.14-2.1+deb13u1_amd64.deb 1dfb2a4bd1fd8c5c50b136cc36097ed32b43e942e8881b32cfa499f62346943f 189728 python3-libxml2_2.12.7+dfsg+really2.9.14-2.1+deb13u1_amd64.deb Files: 2f7e60ee67624dcc87aab8f41c990ac1 1893748 debug optional libxml2-dbgsym_2.12.7+dfsg+really2.9.14-2.1+deb13u1_amd64.deb 58240c1df6fb3cf7e0c6dfdab7495065 793272 libdevel optional libxml2-dev_2.12.7+dfsg+really2.9.14-2.1+deb13u1_amd64.deb 2a2e973b3f3e3da4ff868a59b8518ccf 77700 debug optional libxml2-utils-dbgsym_2.12.7+dfsg+really2.9.14-2.1+deb13u1_amd64.deb f2075f48976cca343b1a2ed4fa1ae645 100332 text optional libxml2-utils_2.12.7+dfsg+really2.9.14-2.1+deb13u1_amd64.deb 90fe46bddda7f20611b2fac7f61a13d9 9158 libs optional libxml2_2.12.7+dfsg+really2.9.14-2.1+deb13u1_amd64-buildd.buildinfo b60f50633c8c325f37184913046a938a 698060 libs optional libxml2_2.12.7+dfsg+really2.9.14-2.1+deb13u1_amd64.deb d02e231d87f747599740298f09bc9c41 232080 debug optional python3-libxml2-dbgsym_2.12.7+dfsg+really2.9.14-2.1+deb13u1_amd64.deb 7d41f087cf1d332a3f8b5fb9292dc1cb 189728 python optional python3-libxml2_2.12.7+dfsg+really2.9.14-2.1+deb13u1_amd64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEnw0rdzqckKx6dwRTEbCLukZn24oFAmisUnkACgkQEbCLukZn 24q1NQ//c2U5QrQjhY5GG4Er3lsi/vPZFhO1Bb8VLs5fuA0MnvfJf9VldIbdcH2o KWb9j8Tr+g2qWyDY3b+vSRIHMQFXR3/MDK0Wb40gmpVrvWqkqSJPfcekpzGuaAmJ KNzCfN1UsO0YVMM4yqkKuOOZSg3JTkh5/Yglo2NRNar7yiGJ+7Vr399Chy2ANz5l 8oB96OnraAj45fFggdt54WNYSG2dLI6/tC+ExgczxSl36/iU7TKTLe2gNKlu5xJc pt0lveRaMujvbGfyufLfJHKsi3DkBABcsn8DJjeHTRUWnIdXRkG9iFwiF8KLU4nk 4p2SnQSXpgOs++elcOOExjE1/vLc6MaP36hpOOq1fcr20m5vQUY+mgSdD2ZNi4sU DRjSKhZiGRjTDiVe1jFSpjjjOROHgzSCouCpuH1wU17U68ZdN8B8oEMB2c8cKgNa UdsQpyZiOYpSt6KJssPkU+g5lsqAzFWmKyFNO8Ek6bSCztjLT0ECuQsulHxmMUeM dQ5MnpoUS1X2j65t4JhTKxkty16t8yutStcHIlM/+i/tO85dEVXkE0M2xgYjc0Mq yXY3pRgiJH/p55BisP+v2nUU7Zm678twWdYdOJyCDyGWDiEygJX0pJxf8Nwdc7rk VHqA8El6fmijKs8A10qd0rL+WzMgd+TcJKEgDgskYuzj8tNlpag= =zyVm -----END PGP SIGNATURE-----