libxml2 (2.14.5+dfsg-0.2) [PTS] [DDPO]

OLD: VCS is behind the version in the archive: 2.12.7+dfsg+really2.9.14-1 < 2.14.5+dfsg-0.2.

Git: https://salsa.debian.org/xml-sgml-team/libxml2.git
JSON
Enter a full Vcs-* header, supported schemes are: Vcs-Bzr, Vcs-Cvs, Vcs-Darcs, Vcs-Git, Vcs-Hg, Vcs-Mtn, Vcs-Svn.
For Vcs-Git append -b branch to select the branch name; append [subdir] if the debian/ directory is not in the repository root.
The next upload will reset the information from the source package headers.
Branch: master
Path: debian/changelog
Repo size: 3092480
Browser: https://salsa.debian.org/xml-sgml-team/libxml2
Last scan: 2025-09-09 07:00:02+00
Next scan: 2025-09-16 12:10:00+00
CI pipeline status: canceled

Debian changelog in Git:

libxml2 (2.12.7+dfsg+really2.9.14-1) unstable; urgency=medium

  * Acknowledge previous NMUs.
  * Security fixes:
    - CVE-2023-39615: out-of-bounds read via the xmlSAX2StartElement()
      (Closes: #1051230)
    - CVE-2023-45322: use-after-free in xmlUnlinkNode()
      (Closes: #1053629)
    - CVE-2024-25062: use-after-free in xmlValidatePopElement()
      (Closes: #1063234)
    - CVE-2025-32414: out-of-bounds read in Python bindings
      (Closes: #1102521)
    - CVE-2025-32415: heap-based buffer under-read via
      xmlSchemaIDCFillNodeTables() (Closes: #1103511)

 -- Aron Xu <aron@debian.org>  Thu, 15 May 2025 15:34:25 +0800

This branch is even with tag debian/2.12.7+dfsg+really2.9.14-1