Libxml2 2.13.9 released

https://download.gnome.org/sources/libxml2/2.13/libxml2-2.13.9.tar.xz
sha256sum: a2c9ae7b770da34860050c309f903221c67830c86e4a7e760692b803df95143a

Regressions

  • valid: Don’t add ids when validating entity content
  • io: Fix reading from pipes like stdin on Windows
  • parser: Fix handling of invalid char refs in recovery mode

Security

  • regexp: Avoid integer overflow and OOB array access
  • tree: Guard against atype corruption
  • [CVE-2025-49794] [CVE-2025-49796] schematron: Fix xmlSchematronReportOutput
  • [CVE-2025-49795] schematron: Fix null pointer dereference leading to DoS
    (Michael Mann)
  • [CVE-2025-6170] Fix potential buffer overflows of interactive shell (Michael
    Mann)
  • [CVE-2025-6021] tree: Fix integer overflow in xmlBuildQName

Bug fixes

  • save: Fix serialization of attribute defaults containing <

Improvements

  • parser: Fix xmlSaturatedAddSizeT argument type

Build systems and portability

  • meson: Add libxml2 part of include dir to pc file (Heiko Becker)
  • cmake: Fix installation directories in libxml2-config.cmake
  • io: Fix linkage of __xml*BufferCreateFilename functions