- Update from version 2.14.4 to 2.14.6
- Update of rootfile
- 5 CVE fixes in version 2.14.5
- Changelog
2.14.6
Regressions
valid: Don't add ids when validating entity content
Fix initGenericErrorDefaultFunc(NULL) (Samuel Thibault)
valid: Undeprecate xmlAdd*Decl
globals: Include HTMLparser.h, fixing Windows build
io: Fix reading from pipes like stdin on Windows
Security
regexp: Avoid integer overflow and OOB array access
tree: Guard against atype corruption
Improvements
parser: Fix xmlSaturatedAddSizeT argument type
2.14.5
Regressions
valid: Don't add ids when validating entity content
io: Fix reading from pipes like stdin on Windows
parser: Fix handling of invalid char refs in recovery mode
Security
regexp: Avoid integer overflow and OOB array access
tree: Guard against atype corruption
[CVE-2025-49794] [CVE-2025-49796] schematron: Fix xmlSchematronReportOutput
[CVE-2025-49795] schematron: Fix null pointer dereference leading to DoS
(Michael Mann)
[CVE-2025-6170] Fix potential buffer overflows of interactive shell
(Michael Mann)
[CVE-2025-6021] tree: Fix integer overflow in xmlBuildQName
Bug fixes
save: Fix serialization of attribute defaults containing <
Improvements
parser: Fix xmlSaturatedAddSizeT argument type
Build systems and portability
meson: Add libxml2 part of include dir to pc file (Heiko Becker)
cmake: Fix installation directories in libxml2-config.cmake
io: Fix linkage of __xml*BufferCreateFilename functions
Signed-off-by: Adolf Belka <adolf.belka@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
projects / ipfire-2.x.git / commit
