From nobody Sat May 31 17:31:23 2025
X-Original-To: dev-commits-ports-main@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4b8nGJ3QGCz5xK36;
	Sat, 31 May 2025 17:31:36 +0000 (UTC)
	(envelope-from fernando.apesteguia@gmail.com)
Received: from mail-il1-x133.google.com (mail-il1-x133.google.com [IPv6:2607:f8b0:4864:20::133])
	(using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (2048 bits) client-digest SHA256)
	(Client CN "smtp.gmail.com", Issuer "WR4" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4b8nGJ0YwSz3JDg;
	Sat, 31 May 2025 17:31:36 +0000 (UTC)
	(envelope-from fernando.apesteguia@gmail.com)
Authentication-Results: mx1.freebsd.org;
	none
Received: by mail-il1-x133.google.com with SMTP id e9e14a558f8ab-3db6ddcef4eso25345525ab.2;
        Sat, 31 May 2025 10:31:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1748712695; x=1749317495; darn=freebsd.org;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:from:to:cc:subject:date:message-id:reply-to;
        bh=s7/0cQuw4hV1tZiAD0TESknj3ciFtrkde7tLtCnXuXc=;
        b=KXyori1sirc6WrcQYHc9QLefrTfe6DnfEGLSegveVqs8PP3l3OMfB7N3cFm4c+SDci
         tMMGGfLNCiPFTGnj/Yh0jUEQuK8oa1iTVXFpj+rMw/1JdLcTc4AOwZBUDO7kfCYiu52a
         JzJw90R+yantglKpkCFvoo+qXI+GYjEF+pFan7zbbP/EIvHy/zm1EGCQPJDELsFKkC6D
         SV9awiOrFit3QwTHhcYBVSX8wFAOPAoEpXyIuj/F1sOjdb1mlK85B6d+/a4NY8mdhXmZ
         bR2AAO7hXwhSRFj441ozjk5dMo/G7bO5XqhDy4lk56zj8W1evnLM73WBXLnoKy9Ug03T
         Nk3g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1748712695; x=1749317495;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id
         :reply-to;
        bh=s7/0cQuw4hV1tZiAD0TESknj3ciFtrkde7tLtCnXuXc=;
        b=bYBzVbUyU7pqZOI1pME3uNOkMQpfUQDE0xPuBLa945kNq49GxQB1ddwxrKGQNGgQtl
         JEodqQ1vLdpcmz5KXOuoITzVadTFyiRUz3h3aJlfLElVrlqHqyW54jFqDIRu1AU19zNA
         4B2071ZyNg+8A7zcchGdIGNPnGvy/Dpr1knSzp2x1Vx2+jfVJgmJ5uI3OIQevUCB/yZ7
         hdQJpjDG6EEDZCBOMZNAuv2ZmfYueSuO3JvLgGLOXBQ6zbGmmMmSosFRkGBzusSXNLtE
         x48ICCP8DJa6S2yAMOoaSi21rsHWhzR14Rnl3YZ2Z4jGw6ZY0KZ8zCDPWGbglDkqaAsg
         V15g==
X-Forwarded-Encrypted: i=1; AJvYcCX4tED3Su+7jnEM61lOwVih/v1Bcw9TKYhnOElnACOh8hnkrhFOf5ifbXjHKH+g93N44BFxEQXG1jlIwjixA8j6QRoByLKWBw==@freebsd.org, AJvYcCXcQWdmzekiKaSwqFehja9udMNcnt9mpOCm3+PKNVlFb8fWk+5WNv0Pt3B6Q0VoGcI7s9EOlXGrSHamfgyQLv8bxuAOr2w=@freebsd.org
X-Gm-Message-State: AOJu0Yz8KjIVmuQ+oY/huKz29vJSSqdCvXqs5fGJrZ/88+wL+Geo5PCS
	trPrMSi6CYopc9x6J4NKoM5lDtKDTx1nGGxIrVQJ7IZ87vgGPEKSNZLpR0CsvqmyHV+FbHUtSDl
	iA6LARplW0iUME3Z6JOHFxQya+PRb5Ol/ahwC
X-Gm-Gg: ASbGncvkq71+x6beDhdUusnb0MFn1cNEZvb6jar9+MUG7nJJa8KjPIgdvy+DFODSVdv
	H1uLkOTS+GATbMmOmTGu/P0SsX3bQz4NmKqkq4hZfbh4P5+9124k2OETP4vC55BMy/pefOS2o1L
	lGSKsb4s85t1gVbBnDO61rfGu010YdScA=
X-Google-Smtp-Source: AGHT+IG5nj4LdNwsyQFexsVpkZUv4BB6FlCEx0cD8K6jI950LkOVN66DJ+CRNFZPTrj68jODrCA0mH8cQ1ORA7o/nZ0=
X-Received: by 2002:a05:6e02:1c29:b0:3dd:89d0:3d82 with SMTP id
 e9e14a558f8ab-3dd99c2875bmr84370335ab.16.1748712694753; Sat, 31 May 2025
 10:31:34 -0700 (PDT)
List-Id: Commits to the main branch of the FreeBSD ports repository <dev-commits-ports-main.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-main
List-Help: <mailto:dev-commits-ports-main+help@freebsd.org>
List-Post: <mailto:dev-commits-ports-main@freebsd.org>
List-Subscribe: <mailto:dev-commits-ports-main+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-ports-main+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-ports-main@freebsd.org
Sender: owner-dev-commits-ports-main@FreeBSD.org
MIME-Version: 1.0
References: <202505311718.54VHISqo031288@gitrepo.freebsd.org>
In-Reply-To: <202505311718.54VHISqo031288@gitrepo.freebsd.org>
From: =?UTF-8?Q?Fernando_Apestegu=C3=ADa?= <fernando.apesteguia@gmail.com>
Date: Sat, 31 May 2025 19:31:23 +0200
X-Gm-Features: AX0GCFs0MCwiJ4joIkmEdXqfBVSt0sL6CDqxj1kNG5QwXZpSoBl9Ao60tlwhjgQ
Message-ID: <CAGwOe2Z6VSDmT7VWwyGFK4ngTayUGosL1pztCbQjpiB8sY-cgg@mail.gmail.com>
Subject: Re: git: 9a596e5a5345 - main - security/vuxml: Document libxml2 vulnerabilities
To: Daniel Engberg <diizzy@freebsd.org>
Cc: ports-committers@freebsd.org, dev-commits-ports-all@freebsd.org, 
	dev-commits-ports-main@freebsd.org
Content-Type: multipart/alternative; boundary="000000000000fc3112063671e60f"
X-Rspamd-Queue-Id: 4b8nGJ0YwSz3JDg
X-Spamd-Bar: ----
X-Rspamd-Pre-Result: action=no action;
	module=replies;
	Message is reply to one we originated
X-Spamd-Result: default: False [-4.00 / 15.00];
	REPLY(-4.00)[];
	TAGGED_FROM(0.00)[];
	ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]

--000000000000fc3112063671e60f
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

On Sat, May 31, 2025 at 7:18=E2=80=AFPM Daniel Engberg <diizzy@freebsd.org>=
 wrote:

> The branch main has been updated by diizzy:
>
> URL:
> https://cgit.FreeBSD.org/ports/commit/?id=3D9a596e5a5345db82dcf952243faa5=
e9d80d2ef1b
>
> commit 9a596e5a5345db82dcf952243faa5e9d80d2ef1b
> Author:     Daniel Engberg <diizzy@FreeBSD.org>
> AuthorDate: 2025-05-31 17:17:46 +0000
> Commit:     Daniel Engberg <diizzy@FreeBSD.org>
> CommitDate: 2025-05-31 17:17:49 +0000
>
>     security/vuxml: Document libxml2 vulnerabilities
>
>     Document CVE-2024-56171, CVE-2025-24928 and CVE-2025-32414
> ---
>  security/vuxml/vuln/2025.xml | 89
> ++++++++++++++++++++++++++++++++++++++++++++
>  1 file changed, 89 insertions(+)
>
> diff --git a/security/vuxml/vuln/2025.xml b/security/vuxml/vuln/2025.xml
> index 4681d7869854..1cd062837b12 100644
> --- a/security/vuxml/vuln/2025.xml
> +++ b/security/vuxml/vuln/2025.xml
> @@ -1,3 +1,92 @@
> +  <vuln vid=3D"2926c487-3e53-11f0-95d4-00a098b42aeb">
> +    <topic>libxml2 -- Out-of-bounds memory access</topic>
> +    <affects>
> +      <package>
> +       <name>xmlsoft</name>
>

^^^^^^^^^^^^^^^^^^^

What port is xmlsoft? Shouldn't this be libxml2?


> +       <range><lt>2.14.2</lt></range>
> +      </package>
> +    </affects>
> +    <description>
> +       <body xmlns=3D"http://www.w3.org/1999/xhtml">
> +       <p>cve@mitre.org reports:</p>
> +       <blockquote cite=3D"
> https://gitlab.gnome.org/GNOME/libxml2/-/issues/889">
> +         <p>In libxml2 before 2.13.8 and 2.14.x before 2.14.2,
> out-of-bounds
> +       memory access can occur in the Python API (Python bindings) becau=
se
> +       of an incorrect return value.  This occurs in xmlPythonFileRead a=
nd
> +       xmlPythonFileReadRaw because of a difference between bytes and
> +       characters.</p>
> +       </blockquote>
> +       </body>
> +    </description>
> +    <references>
> +      <cvename>CVE-2025-32414</cvename>
> +      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-32414</url>
> +    </references>
> +    <dates>
> +      <discovery>2025-04-08</discovery>
> +      <entry>2025-05-31</entry>
> +    </dates>
> +  </vuln>
> +
> +  <vuln vid=3D"fdd02be0-3e50-11f0-95d4-00a098b42aeb">
> +    <topic>libxml2 -- Stack-based Buffer Overflow</topic>
> +    <affects>
> +      <package>
> +       <name>libxml2</name>
> +       <range><lt>2.13.6</lt></range>
> +      </package>
> +    </affects>
> +    <description>
> +       <body xmlns=3D"http://www.w3.org/1999/xhtml">
> +       <p>cve@mitre.org reports:</p>
> +       <blockquote cite=3D"
> https://gitlab.gnome.org/GNOME/libxml2/-/issues/847">
> +         <p>libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a
> stack-based
> +       buffer overflow in xmlSnprintfElements in valid.c.  To exploit
> this,
> +       DTD validation must occur for an untrusted document or untrusted
> +       DTD.  NOTE: this is similar to CVE-2017-9047.</p>
> +       </blockquote>
> +       </body>
> +    </description>
> +    <references>
> +      <cvename>CVE-2025-24928</cvename>
> +      <url>https://nvd.nist.gov/vuln/detail/CVE-2025-24928</url>
> +    </references>
> +    <dates>
> +      <discovery>2025-02-18</discovery>
> +      <entry>2025-05-31</entry>
> +    </dates>
> +  </vuln>
> +
> +  <vuln vid=3D"bd2af307-3e50-11f0-95d4-00a098b42aeb">
> +    <topic>libxml2 -- Use After Free</topic>
> +    <affects>
> +      <package>
> +       <name>libxml2</name>
> +       <range><lt>2.13.6</lt></range>
> +      </package>
> +    </affects>
> +    <description>
> +       <body xmlns=3D"http://www.w3.org/1999/xhtml">
> +       <p>cve@mitre.org reports:</p>
> +       <blockquote cite=3D"
> https://gitlab.gnome.org/GNOME/libxml2/-/issues/828">
> +         <p>libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a
> use-after-free
> +       in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in
> +       xmlschemas.c.  To exploit this, a crafted XML document must be
> +       validated against an XML schema with certain identity constraints=
,
> +       or a crafted XML schema must be used.</p>
> +       </blockquote>
> +       </body>
> +    </description>
> +    <references>
> +      <cvename>CVE-2024-56171</cvename>
> +      <url>https://nvd.nist.gov/vuln/detail/CVE-2024-56171</url>
> +    </references>
> +    <dates>
> +      <discovery>2025-02-18</discovery>
> +      <entry>2025-05-31</entry>
> +    </dates>
> +  </vuln>
> +
>    <vuln vid=3D"25acd603-3dde-11f0-8cb5-a8a1599412c6">
>      <topic>chromium -- multiple security fixes</topic>
>      <affects>
>

--000000000000fc3112063671e60f
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div dir=3D"ltr"><br></div><br><div class=3D"gmail_quote g=
mail_quote_container"><div dir=3D"ltr" class=3D"gmail_attr">On Sat, May 31,=
 2025 at 7:18=E2=80=AFPM Daniel Engberg &lt;<a href=3D"mailto:diizzy@freebs=
d.org">diizzy@freebsd.org</a>&gt; wrote:<br></div><blockquote class=3D"gmai=
l_quote" style=3D"margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,20=
4,204);padding-left:1ex">The branch main has been updated by diizzy:<br>
<br>
URL: <a href=3D"https://cgit.FreeBSD.org/ports/commit/?id=3D9a596e5a5345db8=
2dcf952243faa5e9d80d2ef1b" rel=3D"noreferrer" target=3D"_blank">https://cgi=
t.FreeBSD.org/ports/commit/?id=3D9a596e5a5345db82dcf952243faa5e9d80d2ef1b</=
a><br>
<br>
commit 9a596e5a5345db82dcf952243faa5e9d80d2ef1b<br>
Author:=C2=A0 =C2=A0 =C2=A0Daniel Engberg &lt;diizzy@FreeBSD.org&gt;<br>
AuthorDate: 2025-05-31 17:17:46 +0000<br>
Commit:=C2=A0 =C2=A0 =C2=A0Daniel Engberg &lt;diizzy@FreeBSD.org&gt;<br>
CommitDate: 2025-05-31 17:17:49 +0000<br>
<br>
=C2=A0 =C2=A0 security/vuxml: Document libxml2 vulnerabilities<br>
<br>
=C2=A0 =C2=A0 Document CVE-2024-56171, CVE-2025-24928 and CVE-2025-32414<br=
>
---<br>
=C2=A0security/vuxml/vuln/2025.xml | 89 +++++++++++++++++++++++++++++++++++=
+++++++++<br>
=C2=A01 file changed, 89 insertions(+)<br>
<br>
diff --git a/security/vuxml/vuln/2025.xml b/security/vuxml/vuln/2025.xml<br=
>
index 4681d7869854..1cd062837b12 100644<br>
--- a/security/vuxml/vuln/2025.xml<br>
+++ b/security/vuxml/vuln/2025.xml<br>
@@ -1,3 +1,92 @@<br>
+=C2=A0 &lt;vuln vid=3D&quot;2926c487-3e53-11f0-95d4-00a098b42aeb&quot;&gt;=
<br>
+=C2=A0 =C2=A0 &lt;topic&gt;libxml2 -- Out-of-bounds memory access&lt;/topi=
c&gt;<br>
+=C2=A0 =C2=A0 &lt;affects&gt;<br>
+=C2=A0 =C2=A0 =C2=A0 &lt;package&gt;<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0&lt;name&gt;xmlsoft&lt;/name&gt;<br></blockquot=
e><div><br></div><div>^^^^^^^^^^^^^^^^^^^</div><div><br></div><div>What por=
t is xmlsoft? Shouldn&#39;t this be libxml2?</div><div>=C2=A0</div><blockqu=
ote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-left:1px=
 solid rgb(204,204,204);padding-left:1ex">
+=C2=A0 =C2=A0 =C2=A0 =C2=A0&lt;range&gt;&lt;lt&gt;2.14.2&lt;/lt&gt;&lt;/ra=
nge&gt;<br>
+=C2=A0 =C2=A0 =C2=A0 &lt;/package&gt;<br>
+=C2=A0 =C2=A0 &lt;/affects&gt;<br>
+=C2=A0 =C2=A0 &lt;description&gt;<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0&lt;body xmlns=3D&quot;<a href=3D"http://www.w3=
.org/1999/xhtml" rel=3D"noreferrer" target=3D"_blank">http://www.w3.org/199=
9/xhtml</a>&quot;&gt;<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0&lt;p&gt;<a href=3D"mailto:cve@mitre.org" targe=
t=3D"_blank">cve@mitre.org</a> reports:&lt;/p&gt;<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0&lt;blockquote cite=3D&quot;<a href=3D"https://=
gitlab.gnome.org/GNOME/libxml2/-/issues/889" rel=3D"noreferrer" target=3D"_=
blank">https://gitlab.gnome.org/GNOME/libxml2/-/issues/889</a>&quot;&gt;<br=
>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0&lt;p&gt;In libxml2 before 2.13.8 and 2.=
14.x before 2.14.2, out-of-bounds<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0memory access can occur in the Python API (Pyth=
on bindings) because<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0of an incorrect return value.=C2=A0 This occurs=
 in xmlPythonFileRead and<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0xmlPythonFileReadRaw because of a difference be=
tween bytes and<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0characters.&lt;/p&gt;<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0&lt;/blockquote&gt;<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0&lt;/body&gt;<br>
+=C2=A0 =C2=A0 &lt;/description&gt;<br>
+=C2=A0 =C2=A0 &lt;references&gt;<br>
+=C2=A0 =C2=A0 =C2=A0 &lt;cvename&gt;CVE-2025-32414&lt;/cvename&gt;<br>
+=C2=A0 =C2=A0 =C2=A0 &lt;url&gt;<a href=3D"https://nvd.nist.gov/vuln/detai=
l/CVE-2025-32414" rel=3D"noreferrer" target=3D"_blank">https://nvd.nist.gov=
/vuln/detail/CVE-2025-32414</a>&lt;/url&gt;<br>
+=C2=A0 =C2=A0 &lt;/references&gt;<br>
+=C2=A0 =C2=A0 &lt;dates&gt;<br>
+=C2=A0 =C2=A0 =C2=A0 &lt;discovery&gt;2025-04-08&lt;/discovery&gt;<br>
+=C2=A0 =C2=A0 =C2=A0 &lt;entry&gt;2025-05-31&lt;/entry&gt;<br>
+=C2=A0 =C2=A0 &lt;/dates&gt;<br>
+=C2=A0 &lt;/vuln&gt;<br>
+<br>
+=C2=A0 &lt;vuln vid=3D&quot;fdd02be0-3e50-11f0-95d4-00a098b42aeb&quot;&gt;=
<br>
+=C2=A0 =C2=A0 &lt;topic&gt;libxml2 -- Stack-based Buffer Overflow&lt;/topi=
c&gt;<br>
+=C2=A0 =C2=A0 &lt;affects&gt;<br>
+=C2=A0 =C2=A0 =C2=A0 &lt;package&gt;<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0&lt;name&gt;libxml2&lt;/name&gt;<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0&lt;range&gt;&lt;lt&gt;2.13.6&lt;/lt&gt;&lt;/ra=
nge&gt;<br>
+=C2=A0 =C2=A0 =C2=A0 &lt;/package&gt;<br>
+=C2=A0 =C2=A0 &lt;/affects&gt;<br>
+=C2=A0 =C2=A0 &lt;description&gt;<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0&lt;body xmlns=3D&quot;<a href=3D"http://www.w3=
.org/1999/xhtml" rel=3D"noreferrer" target=3D"_blank">http://www.w3.org/199=
9/xhtml</a>&quot;&gt;<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0&lt;p&gt;<a href=3D"mailto:cve@mitre.org" targe=
t=3D"_blank">cve@mitre.org</a> reports:&lt;/p&gt;<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0&lt;blockquote cite=3D&quot;<a href=3D"https://=
gitlab.gnome.org/GNOME/libxml2/-/issues/847" rel=3D"noreferrer" target=3D"_=
blank">https://gitlab.gnome.org/GNOME/libxml2/-/issues/847</a>&quot;&gt;<br=
>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0&lt;p&gt;libxml2 before 2.12.10 and 2.13=
.x before 2.13.6 has a stack-based<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0buffer overflow in xmlSnprintfElements in valid=
.c.=C2=A0 To exploit this,<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0DTD validation must occur for an untrusted docu=
ment or untrusted<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0DTD.=C2=A0 NOTE: this is similar to CVE-2017-90=
47.&lt;/p&gt;<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0&lt;/blockquote&gt;<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0&lt;/body&gt;<br>
+=C2=A0 =C2=A0 &lt;/description&gt;<br>
+=C2=A0 =C2=A0 &lt;references&gt;<br>
+=C2=A0 =C2=A0 =C2=A0 &lt;cvename&gt;CVE-2025-24928&lt;/cvename&gt;<br>
+=C2=A0 =C2=A0 =C2=A0 &lt;url&gt;<a href=3D"https://nvd.nist.gov/vuln/detai=
l/CVE-2025-24928" rel=3D"noreferrer" target=3D"_blank">https://nvd.nist.gov=
/vuln/detail/CVE-2025-24928</a>&lt;/url&gt;<br>
+=C2=A0 =C2=A0 &lt;/references&gt;<br>
+=C2=A0 =C2=A0 &lt;dates&gt;<br>
+=C2=A0 =C2=A0 =C2=A0 &lt;discovery&gt;2025-02-18&lt;/discovery&gt;<br>
+=C2=A0 =C2=A0 =C2=A0 &lt;entry&gt;2025-05-31&lt;/entry&gt;<br>
+=C2=A0 =C2=A0 &lt;/dates&gt;<br>
+=C2=A0 &lt;/vuln&gt;<br>
+<br>
+=C2=A0 &lt;vuln vid=3D&quot;bd2af307-3e50-11f0-95d4-00a098b42aeb&quot;&gt;=
<br>
+=C2=A0 =C2=A0 &lt;topic&gt;libxml2 -- Use After Free&lt;/topic&gt;<br>
+=C2=A0 =C2=A0 &lt;affects&gt;<br>
+=C2=A0 =C2=A0 =C2=A0 &lt;package&gt;<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0&lt;name&gt;libxml2&lt;/name&gt;<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0&lt;range&gt;&lt;lt&gt;2.13.6&lt;/lt&gt;&lt;/ra=
nge&gt;<br>
+=C2=A0 =C2=A0 =C2=A0 &lt;/package&gt;<br>
+=C2=A0 =C2=A0 &lt;/affects&gt;<br>
+=C2=A0 =C2=A0 &lt;description&gt;<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0&lt;body xmlns=3D&quot;<a href=3D"http://www.w3=
.org/1999/xhtml" rel=3D"noreferrer" target=3D"_blank">http://www.w3.org/199=
9/xhtml</a>&quot;&gt;<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0&lt;p&gt;<a href=3D"mailto:cve@mitre.org" targe=
t=3D"_blank">cve@mitre.org</a> reports:&lt;/p&gt;<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0&lt;blockquote cite=3D&quot;<a href=3D"https://=
gitlab.gnome.org/GNOME/libxml2/-/issues/828" rel=3D"noreferrer" target=3D"_=
blank">https://gitlab.gnome.org/GNOME/libxml2/-/issues/828</a>&quot;&gt;<br=
>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0&lt;p&gt;libxml2 before 2.12.10 and 2.13=
.x before 2.13.6 has a use-after-free<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0in xmlSchemaIDCFillNodeTables and xmlSchemaBubb=
leIDCNodeTables in<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0xmlschemas.c.=C2=A0 To exploit this, a crafted =
XML document must be<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0validated against an XML schema with certain id=
entity constraints,<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0or a crafted XML schema must be used.&lt;/p&gt;=
<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0&lt;/blockquote&gt;<br>
+=C2=A0 =C2=A0 =C2=A0 =C2=A0&lt;/body&gt;<br>
+=C2=A0 =C2=A0 &lt;/description&gt;<br>
+=C2=A0 =C2=A0 &lt;references&gt;<br>
+=C2=A0 =C2=A0 =C2=A0 &lt;cvename&gt;CVE-2024-56171&lt;/cvename&gt;<br>
+=C2=A0 =C2=A0 =C2=A0 &lt;url&gt;<a href=3D"https://nvd.nist.gov/vuln/detai=
l/CVE-2024-56171" rel=3D"noreferrer" target=3D"_blank">https://nvd.nist.gov=
/vuln/detail/CVE-2024-56171</a>&lt;/url&gt;<br>
+=C2=A0 =C2=A0 &lt;/references&gt;<br>
+=C2=A0 =C2=A0 &lt;dates&gt;<br>
+=C2=A0 =C2=A0 =C2=A0 &lt;discovery&gt;2025-02-18&lt;/discovery&gt;<br>
+=C2=A0 =C2=A0 =C2=A0 &lt;entry&gt;2025-05-31&lt;/entry&gt;<br>
+=C2=A0 =C2=A0 &lt;/dates&gt;<br>
+=C2=A0 &lt;/vuln&gt;<br>
+<br>
=C2=A0 =C2=A0&lt;vuln vid=3D&quot;25acd603-3dde-11f0-8cb5-a8a1599412c6&quot=
;&gt;<br>
=C2=A0 =C2=A0 =C2=A0&lt;topic&gt;chromium -- multiple security fixes&lt;/to=
pic&gt;<br>
=C2=A0 =C2=A0 =C2=A0&lt;affects&gt;<br>
</blockquote></div></div>

--000000000000fc3112063671e60f--