File _patchinfo of Package patchinfo.28753
<patchinfo incident="28753">
<issue tracker="cve" id="2022-29824"/>
<issue tracker="cve" id="2023-29469"/>
<issue tracker="cve" id="2023-28484"/>
<issue tracker="cve" id="2021-3541"/>
<issue tracker="bnc" id="1210412">VUL-0: CVE-2023-29469: libxml2,python-libxml2: Hashing of empty dict strings isn't deterministic</issue>
<issue tracker="bnc" id="1065270">python3-libxml2-python: segfault with malformed UTF8 strings in error messages</issue>
<issue tracker="bnc" id="1210411">VUL-0: CVE-2023-28484: libxml2,python-libxml2: NULL dereference in xmlSchemaFixupComplexType</issue>
<issue tracker="bnc" id="1204585">libxml2 testsuite missing W3C conformance tests from https://www.w3.org/XML/Test/</issue>
<issue tracker="bnc" id="1199132">VUL-0: CVE-2022-29824: libxml2, libxml2-python, python-libxml2-python: integer overflow leading to out-of-bounds write in buf.c (xmlBuf*) and tree.c (xmlBuffer*)</issue>
<packager>david.anes</packager>
<rating>important</rating>
<category>security</category>
<summary>Security update for libxml2</summary>
<description>This update for libxml2 fixes the following issues:
- CVE-2023-29469: Fixed inconsistent result when hashing empty strings (bsc#1210412).
- CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType (bsc#1210411).
- CVE-2022-29824: Fixed integer overflow leading to out-of-bounds write in buf.c (bsc#1199132).
The following non-security bugs were fixed:
- Added W3C conformance tests to the testsuite (bsc#1204585).
- Fixed NULL pointer dereference when parsing invalid data (glgo#libxml2!15) (bsc#1065270) .
</description>
</patchinfo>