{
    "summary": {
        "snap": {
            "added": [],
            "removed": [],
            "diff": []
        },
        "deb": {
            "added": [],
            "removed": [],
            "diff": [
                "libxml2"
            ]
        }
    },
    "diff": {
        "deb": [
            {
                "name": "libxml2",
                "from_version": {
                    "source_package_name": "libxml2",
                    "source_package_version": "2.9.13+dfsg-1ubuntu0.5",
                    "version": "2.9.13+dfsg-1ubuntu0.5"
                },
                "to_version": {
                    "source_package_name": "libxml2",
                    "source_package_version": "2.9.13+dfsg-1ubuntu0.6",
                    "version": "2.9.13+dfsg-1ubuntu0.6"
                },
                "cves": [
                    {
                        "cve": "CVE-2024-56171",
                        "url": "https://ubuntu.com/security/CVE-2024-56171",
                        "cve_description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.",
                        "cve_priority": "medium",
                        "cve_public_date": "2025-02-18 22:15:00 UTC"
                    },
                    {
                        "cve": "CVE-2025-24928",
                        "url": "https://ubuntu.com/security/CVE-2025-24928",
                        "cve_description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To exploit this, DTD validation must occur for an untrusted document or untrusted DTD. NOTE: this is similar to CVE-2017-9047.",
                        "cve_priority": "medium",
                        "cve_public_date": "2025-02-18 23:15:00 UTC"
                    },
                    {
                        "cve": "CVE-2025-27113",
                        "url": "https://ubuntu.com/security/CVE-2025-27113",
                        "cve_description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.",
                        "cve_priority": "medium",
                        "cve_public_date": "2025-02-18 23:15:00 UTC"
                    }
                ],
                "launchpad_bugs_fixed": [],
                "changes": [
                    {
                        "cves": [
                            {
                                "cve": "CVE-2024-56171",
                                "url": "https://ubuntu.com/security/CVE-2024-56171",
                                "cve_description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.",
                                "cve_priority": "medium",
                                "cve_public_date": "2025-02-18 22:15:00 UTC"
                            },
                            {
                                "cve": "CVE-2025-24928",
                                "url": "https://ubuntu.com/security/CVE-2025-24928",
                                "cve_description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To exploit this, DTD validation must occur for an untrusted document or untrusted DTD. NOTE: this is similar to CVE-2017-9047.",
                                "cve_priority": "medium",
                                "cve_public_date": "2025-02-18 23:15:00 UTC"
                            },
                            {
                                "cve": "CVE-2025-27113",
                                "url": "https://ubuntu.com/security/CVE-2025-27113",
                                "cve_description": "libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c.",
                                "cve_priority": "medium",
                                "cve_public_date": "2025-02-18 23:15:00 UTC"
                            }
                        ],
                        "log": [
                            "",
                            "  * SECURITY UPDATE: use-after-free",
                            "    - debian/patches/CVE-2024-56171.patch: Fix use-after-free after",
                            "      xmlSchemaItemListAdd.",
                            "    - CVE-2024-56171",
                            "  * SECURITY UPDATE: stack-based buffer overflow",
                            "    - debian/patches/CVE-2025-24928-pre1.patch: Check for NULL node->name",
                            "      in xmlSnprintfElements.",
                            "    - debian/patches/CVE-2025-24928.patch: Fix stack-buffer-overflow in",
                            "      xmlSnprintfElements.",
                            "    - CVE-2025-24928",
                            "  * SECURITY UPDATE: NULL pointer dereference",
                            "    - debian/patches/CVE-2025-27113.patch: Fix compilation of explicit",
                            "      child axis.",
                            "    - CVE-2025-27113",
                            ""
                        ],
                        "package": "libxml2",
                        "version": "2.9.13+dfsg-1ubuntu0.6",
                        "urgency": "medium",
                        "distributions": "jammy-security",
                        "launchpad_bugs_fixed": [],
                        "author": "Fabian Toepfer <fabian.toepfer@canonical.com>",
                        "date": "Fri, 21 Feb 2025 15:30:55 +0100"
                    }
                ],
                "notes": null
            }
        ],
        "snap": []
    },
    "added": {
        "deb": [],
        "snap": []
    },
    "removed": {
        "deb": [],
        "snap": []
    },
    "notes": "Changelog diff for Ubuntu 22.04 jammy image from daily image serial 20250225 to 20250226",
    "from_series": "jammy",
    "to_series": "jammy",
    "from_serial": "20250225",
    "to_serial": "20250226",
    "from_manifest_filename": "daily_manifest.previous",
    "to_manifest_filename": "manifest.current"
}