[Deepin Integration]~[v25-Release] fix: add CVE-2026-6653 patch for entity amplification check rework by Zeno-sole@deepin-community/libxml2 by deepin-community-ci-bot[bot] #13506

Description

@deepin-bot

Package information

Package name | Version
libxml2 | 2.12.7+dfsg+really2.9.14-2.1+deb13u3deepin1

Package repository address

deb [trusted=yes] https://ci.deepin.com/repo/obs/deepin:/CI:/TestingIntegration:/test-integration-pr-4199/testing/ ./

Changelog

libxml2 (2.12.7+dfsg+really2.9.14-2.1+deb13u3deepin1) unstable; urgency=medium

  • Fix CVE-2026-6653: entity amplification check rework
    • Rework entity amplification check to fix billion-laughs attack
    • Limit document size after entity substitution to 10x before
      expansion
    • Add saturation arithmetic to prevent 32-bit integer overflow
    • Enable entity amplification check even when XML_PARSE_HUGE is set
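
The changelog's 10x limit and its saturation arithmetic depend on each other: a size counter that wraps at 32 bits can make a huge expansion look small enough to pass the ratio check. The sketch below is an added example, not libxml2's code or the patch itself; the function names, the `uint32_t` counter and the sample sizes are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* From the changelog: output may be at most 10x the size before expansion. */
#define MAX_AMPLIFICATION 10u

/* Saturating multiply (hypothetical helper): clamps at UINT32_MAX
 * instead of wrapping around. */
static uint32_t sat_mul32(uint32_t a, uint32_t b) {
    if (a != 0 && b > UINT32_MAX / a)
        return UINT32_MAX;
    return a * b;
}

/* Expanded size of a nested entity chain: a leaf of `leaf` bytes, then
 * `levels` entities that each reference the previous one `fanout` times.
 * saturate=0 models a plain 32-bit counter, saturate=1 the clamped one. */
static uint32_t expanded_size(uint32_t leaf, uint32_t fanout,
                              int levels, int saturate) {
    uint32_t size = leaf;
    for (int i = 0; i < levels; i++)
        size = saturate ? sat_mul32(size, fanout) : size * fanout;
    return size;
}

/* Returns 1 when the expansion exceeds the allowed amplification. */
static int amplification_exceeded(uint32_t input_size, uint32_t expanded) {
    return expanded > sat_mul32(input_size, MAX_AMPLIFICATION);
}

int main(void) {
    /* Constructed sample: 1000-byte document, 4-byte leaf, 8 levels,
     * fanout 16. The true expanded size is 4 * 16^8 = 2^34 bytes. */
    uint32_t input = 1000;
    uint32_t wrapped = expanded_size(4, 16, 8, 0);
    uint32_t clamped = expanded_size(4, 16, 8, 1);

    printf("wrapping counter:   %u bytes, rejected=%d\n",
           (unsigned)wrapped, amplification_exceeded(input, wrapped));
    printf("saturating counter: %u bytes, rejected=%d\n",
           (unsigned)clamped, amplification_exceeded(input, clamped));
    return 0;
}
```
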

Status: Integrated