Bug 54778 - libxml2: multiple CVEs
Summary: libxml2: multiple CVEs
Status: NEW
Alias: None
Product: Sisyphus
Classification: Development
Component: libxml2 (show other bugs)
Version: unstable
Hardware: all Linux
: P3 blocker
Assignee: Alexey Shabalin
QA Contact: qa-sisyphus
URL:
Keywords:
Depends on:
Blocks: 46625
  Show dependency tree
 
Reported: 2025-06-10 20:20 MSK by Yuri N. Sedunov
Modified: 2025-06-10 21:27 MSK (History)
3 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Yuri N. Sedunov 2025-06-10 20:20:08 MSK 
[CVE-2025-32414] Parsing text via the Python API causes invalid memory access leading to parse failures and crashes
https://gitlab.gnome.org/GNOME/libxml2/-/issues/889

[CVE-2025-32415] Out-of-bounds Read in xmlSchemaIDCFillNodeTables
https://gitlab.gnome.org/GNOME/libxml2/-/issues/890
Comment 1 Sergey V Turchin 2025-06-10 21:27:45 MSK 
(Ответ для Yuri N. Sedunov на комментарий #0)
> failures and crashes
Со времён KDE3 ничего не изменилось. ;-)