FEDORA-2021-b950000d2b created by amigadave 4 months ago for Fedora 33
stable

Update to 2.9.12

  • Fix CVE-2021-3516, CVE-2021-3517, CVE-2021-3518, CVE-2021-3537, CVE-2021-3541
  • Verify sources with GPG signature

Logout Required
After installing this update, you must log out of your current user session and log back in to ensure that the changes supplied by this update are applied properly.

How to install

sudo dnf upgrade --advisory=FEDORA-2021-b950000d2b

This update has been submitted for testing by amigadave.

4 months ago

This update's test gating status has been changed to 'failed'.

4 months ago

This update's test gating status has been changed to 'waiting'.

4 months ago

This update's test gating status has been changed to 'failed'.

4 months ago

This update's test gating status has been changed to 'passed'.

4 months ago
zbyszek commented & provided feedback 4 months ago

I'm seeing an error in rawhide. But it seems that it's consistent with 2.9.12 in other builds too, so I'm setting the karma here too.

python3-lxml seems broken with this update. lxml.etree.tostring() prints trailing garbage after the element. See https://github.com/systemd/systemd/issues/19601 for a reproducer.

This update has been pushed to testing.

4 months ago

Bodhi is disabling automatic push to stable due to negative karma. The maintainer may push manually if they determine that the issue is not severe.

4 months ago
andilinux commented & provided feedback 4 months ago

works

amigadave edited this update.

New build(s):

  • libxml2-2.9.12-2.fc33

Removed build(s):

  • libxml2-2.9.12-1.fc33

Karma has been reset.

4 months ago

This update has been submitted for testing by amigadave.

4 months ago

This update's test gating status has been changed to 'failed'.

4 months ago

This update's test gating status has been changed to 'passed'.

4 months ago

This update's test gating status has been changed to 'failed'.

4 months ago

This update's test gating status has been changed to 'passed'.

4 months ago

This update has been pushed to testing.

4 months ago

amigadave edited this update.

New build(s):

  • libxml2-2.9.12-4.fc33

Removed build(s):

  • libxml2-2.9.12-2.fc33

Karma has been reset.

4 months ago

This update has been submitted for testing by amigadave.

4 months ago

This update has been pushed to testing.

4 months ago
frantisekz commented & provided feedback 4 months ago

Seems that apps depending on this work well

This update can be pushed to stable now if the maintainer wishes

3 months ago

This update has been submitted for stable by amigadave.

3 months ago

This update has been pushed to stable.

3 months ago


Metadata

  • Type: security
  • Severity: medium
  • Karma: 1
  • Signed
  • Content Type: RPM
  • Test Gating

Settings

  • Unstable by Karma: -3
  • Stable by Karma: disabled
  • Stable by Time: disabled

Dates

  • submitted: 4 months ago
  • in testing: 4 months ago
  • in stable: 3 months ago
  • modified: 4 months ago

  • BZ#1954227 CVE-2021-3516 libxml2: use-after-free in xmlEncodeEntitiesInternal() in entities.c [fedora-all]
  • BZ#1954234 CVE-2021-3517 libxml2: heap-based buffer overflow in xmlEncodeEntitiesInternal() in entities.c [fedora-all]
  • BZ#1954243 CVE-2021-3518 libxml2: use-after-free in xmlXIncludeDoProcess() in xinclude.c [fedora-all]
  • BZ#1956524 CVE-2021-3537 libxml2: NULL pointer dereference in valid.c in xmlValidBuildAContentModel [fedora-all]
  • BZ#1960153 CVE-2021-3541 libxml2: Exponential entity expansion attack bypasses all existing protection mechanisms [fedora-all]
  • BZ#1965662 please backport regression fix 13ad8736d
