This bug was fixed in the package libxml2 - 2.9.13+dfsg-1ubuntu0.2
--------------- libxml2 (2.9.13+dfsg-1ubuntu0.2) jammy-security; urgency=medium
* SECURITY UPDATE: NULL pointer dereference - debian/patches/CVE-2022-2309.patch: reset nsNr in xmlCtxReset in parser.c (LP: #1996494). - CVE-2022-2309 * SECURITY UPDATE: Integer overflow - debian/patches/CVE-2022-40303.patch: fix integer overflows with XML_PARSE_HUGE in parser.c. - CVE-2022-40303 * SECURITY UPDATE: Double-free - debian/patches/CVE-2022-40304.patch: fix dict corruption caused by entity ref cycles in entities.c. - CVE-2022-40304
-- Leonidas Da Silva Barbosa <email address hidden> Tue, 29 Nov 2022 16:39:07 -0300
This bug was fixed in the package libxml2 - 2.9.13+ dfsg-1ubuntu0. 2
--------------- dfsg-1ubuntu0. 2) jammy-security; urgency=medium
libxml2 (2.9.13+
* SECURITY UPDATE: NULL pointer dereference patches/ CVE-2022- 2309.patch: reset nsNr in patches/ CVE-2022- 40303.patch: fix integer overflows patches/ CVE-2022- 40304.patch: fix dict
- debian/
xmlCtxReset in parser.c (LP: #1996494).
- CVE-2022-2309
* SECURITY UPDATE: Integer overflow
- debian/
with XML_PARSE_HUGE in parser.c.
- CVE-2022-40303
* SECURITY UPDATE: Double-free
- debian/
corruption caused by entity ref cycles in
entities.c.
- CVE-2022-40304
-- Leonidas Da Silva Barbosa <email address hidden> Tue, 29 Nov 2022 16:39:07 -0300