Sun Dec 10 01:12:17 UTC 202320231210011217

l/libxml2-2.12.2-x86_64-2.txz:  Rebuilt.
  Add --sysconfdir=/etc option so that this can find the xml catalog.
  Thanks to SpiderTux.
  Fix the following security issues:
  Fix integer overflows with XML_PARSE_HUGE.
  Fix dict corruption caused by entity reference cycles.
  Hashing of empty dict strings isn't deterministic.
  Fix null deref in xmlSchemaFixupComplexType.
  For more information, see:
    https://www.cve.org/CVERecord?id=CVE-2022-40303
    https://www.cve.org/CVERecord?id=CVE-2022-40304
    https://www.cve.org/CVERecord?id=CVE-2023-29469
    https://www.cve.org/CVERecord?id=CVE-2023-28484
  (* Security fix *)

1 files changed, 16 insertions, 0 deletions

diff --git a/ChangeLog.txt b/ChangeLog.txt
index 6a3cb8355..5e64cb007 100644
--- a/ChangeLog.txt
+++ b/ChangeLog.txt
@@ -1,3 +1,19 @@
+Sun Dec 10 01:12:17 UTC 2023
+l/libxml2-2.12.2-x86_64-2.txz:  Rebuilt.
+  Add --sysconfdir=/etc option so that this can find the xml catalog.
+  Thanks to SpiderTux.
+  Fix the following security issues:
+  Fix integer overflows with XML_PARSE_HUGE.
+  Fix dict corruption caused by entity reference cycles.
+  Hashing of empty dict strings isn't deterministic.
+  Fix null deref in xmlSchemaFixupComplexType.
+  For more information, see:
+    https://www.cve.org/CVERecord?id=CVE-2022-40303
+    https://www.cve.org/CVERecord?id=CVE-2022-40304
+    https://www.cve.org/CVERecord?id=CVE-2023-29469
+    https://www.cve.org/CVERecord?id=CVE-2023-28484
+  (* Security fix *)
++--------------------------+
 Sat Dec  9 19:55:12 UTC 2023
 kde/plasma-wayland-protocols-1.12.0-x86_64-1.txz:  Upgraded.
 l/libxslt-1.1.39-x86_64-1.txz:  Upgraded.