ELA-1176-1 libxml2 security update

two vulnerabilities

2024-09-07
Package: libxml2
Version: 2.9.1+dfsg1-5+deb8u16 (jessie), 2.9.4+dfsg1-2.2+deb9u11 (stretch), 2.9.4+dfsg1-7+deb10u7 (buster)
Related CVEs: CVE-2016-3709, CVE-2022-2309


Two vulnerabilities have been fixed in the XML library libxml2.

CVE-2016-3709 (buster)

HTML 4 parser cross-site scripting

CVE-2022-2309

Parser NULL pointer dereference


For Debian 10 buster, these problems have been fixed in version 2.9.4+dfsg1-7+deb10u7.

For Debian 8 jessie, these problems have been fixed in version 2.9.1+dfsg1-5+deb8u16.

For Debian 9 stretch, these problems have been fixed in version 2.9.4+dfsg1-2.2+deb9u11.

We recommend that you upgrade your libxml2 packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.