File _patchinfo of Package patchinfo.28753

<patchinfo incident="28753">
  <issue tracker="cve" id="2022-29824"/>
  <issue tracker="cve" id="2023-29469"/>
  <issue tracker="cve" id="2023-28484"/>
  <issue tracker="cve" id="2021-3541"/>
  <issue tracker="bnc" id="1210412">VUL-0: CVE-2023-29469: libxml2,python-libxml2: Hashing of empty dict strings isn't deterministic</issue>
  <issue tracker="bnc" id="1065270">python3-libxml2-python: segfault with malformed UTF8 strings in error messages</issue>
  <issue tracker="bnc" id="1210411">VUL-0: CVE-2023-28484: libxml2,python-libxml2: NULL dereference in xmlSchemaFixupComplexType</issue>
  <issue tracker="bnc" id="1204585">libxml2 testsuite missing W3C conformance tests from https://www.w3.org/XML/Test/</issue>
  <issue tracker="bnc" id="1199132">VUL-0: CVE-2022-29824: libxml2, libxml2-python, python-libxml2-python: integer overflow leading to out-of-bounds write in  buf.c (xmlBuf*) and tree.c (xmlBuffer*)</issue>
  <packager>david.anes</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for libxml2</summary>
  <description>This update for libxml2 fixes the following issues:

- CVE-2023-29469: Fixed inconsistent result when hashing empty strings (bsc#1210412).
- CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType (bsc#1210411).
- CVE-2022-29824: Fixed integer overflow leading to out-of-bounds write in buf.c (bsc#1199132). 
  
  The following non-security bugs were fixed:

- Added W3C conformance tests to the testsuite (bsc#1204585).
- Fixed NULL pointer dereference when parsing invalid data (glgo#libxml2!15) (bsc#1065270) . 
</description>
</patchinfo>