- Package:
- release.debian.org
- Source:
- release.debian.org
- Submitter:
- Salvatore Bonaccorso
- Date:
- 2026-06-27 14:37:09 UTC
- Severity:
- normal
- Tags:
Hi, [ Reason ] libxml-libxml-perl is prone to CVE-2026-8177, #1136300, it is not severe enough to warrant a security advisory. [ Impact ] Remains open to CVE-2026-8177 [ Tests ] Extensive test suite and in addition done a debusine upload as per https://debusine.debian.net/debian/developers/work-request/896109/ . [ Risks ] Patch taken upstream. Fix exposed for roughly a month in unstable (and migrated to testing). [ Checklist ] [x] *all* changes are documented in the d/changelog [x] I reviewed all changes and I approve them [x] attach debdiff against the package in (old)stable [x] the issue is verified as fixed in unstable [ Changes ] Fix issue by replacing domParseChar with xmlValidateName to prevent OOB UTF-8 read. [ Other info ] None. Regards, Salvatore
package release.debian.org tags 1140836 = bookworm pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm. Thanks for your contribution! Upload details ============== Package: libxml-libxml-perl Version: 2.0207+dfsg+really+2.0134-1+deb12u1 Explanation: fix out-of-bounds read [CVE-2026-8177]
package release.debian.org tags 1140836 = bookworm pending thanks Hi, The upload referenced by this bug report has been flagged for acceptance into the proposed-updates queue for Debian bookworm. Thanks for your contribution! Upload details ============== Package: libxml-libxml-perl Version: 2.0207+dfsg+really+2.0134-1+deb12u1 Explanation: fix out-of-bounds read [CVE-2026-8177]