Merge pull request #214 from jlsec-bot/search-20251028T032610Z

[automatic] Publish and update 3 advisories for XML2_jll, Poppler_jll and libssh_jll

Author: mbauman

advisories/published/2025/JLSEC-0000-mnsi5ebi4-16m3c6v.md

@@ -0,0 +1,24 @@
+```toml
+schema_version = "1.7.3"
+id = "JLSEC-0000-mnsi5ebi4-16m3c6v"
+modified = 2025-10-28T03:25:00.988Z
+upstream = ["CVE-2021-30860"]
+references = ["http://seclists.org/fulldisclosure/2021/Sep/25", "http://seclists.org/fulldisclosure/2021/Sep/26", "http://seclists.org/fulldisclosure/2021/Sep/27", "http://seclists.org/fulldisclosure/2021/Sep/28", "http://seclists.org/fulldisclosure/2021/Sep/38", "http://seclists.org/fulldisclosure/2021/Sep/39", "http://seclists.org/fulldisclosure/2021/Sep/40", "http://seclists.org/fulldisclosure/2021/Sep/50", "http://www.openwall.com/lists/oss-security/2022/09/02/11", "https://security.gentoo.org/glsa/202209-21", "https://support.apple.com/en-us/HT212804", "https://support.apple.com/en-us/HT212805", "https://support.apple.com/en-us/HT212806", "https://support.apple.com/en-us/HT212807", "https://support.apple.com/kb/HT212824", "http://seclists.org/fulldisclosure/2021/Sep/25", "http://seclists.org/fulldisclosure/2021/Sep/26", "http://seclists.org/fulldisclosure/2021/Sep/27", "http://seclists.org/fulldisclosure/2021/Sep/28", "http://seclists.org/fulldisclosure/2021/Sep/38", "http://seclists.org/fulldisclosure/2021/Sep/39", "http://seclists.org/fulldisclosure/2021/Sep/40", "http://seclists.org/fulldisclosure/2021/Sep/50", "http://www.openwall.com/lists/oss-security/2022/09/02/11", "https://security.gentoo.org/glsa/202209-21", "https://support.apple.com/en-us/HT212804", "https://support.apple.com/en-us/HT212805", "https://support.apple.com/en-us/HT212806", "https://support.apple.com/en-us/HT212807", "https://support.apple.com/kb/HT212824", "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-30860"]
+
+[[affected]]
+pkg = "Poppler_jll"
+ranges = ["< 23.12.0+0"]
+
+[[jlsec_sources]]
+id = "CVE-2021-30860"
+imported = 2025-10-28T03:25:00.969Z
+modified = 2025-10-27T17:38:22.367Z
+published = 2021-08-24T19:15:14.370Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2021-30860"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2021-30860"
+```
+
+# An integer overflow was addressed with improved input validation
+
+An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
+

advisories/published/2025/JLSEC-0000-mnsi5enis-1b5jub9.md

@@ -0,0 +1,24 @@
+```toml
+schema_version = "1.7.3"
+id = "JLSEC-0000-mnsi5enis-1b5jub9"
+modified = 2025-10-28T03:25:16.564Z
+upstream = ["CVE-2025-6021"]
+references = ["https://access.redhat.com/errata/RHSA-2025:10630", "https://access.redhat.com/errata/RHSA-2025:10698", "https://access.redhat.com/errata/RHSA-2025:10699", "https://access.redhat.com/errata/RHSA-2025:11580", "https://access.redhat.com/errata/RHSA-2025:12098", "https://access.redhat.com/errata/RHSA-2025:12099", "https://access.redhat.com/errata/RHSA-2025:12199", "https://access.redhat.com/errata/RHSA-2025:12237", "https://access.redhat.com/errata/RHSA-2025:12239", "https://access.redhat.com/errata/RHSA-2025:12240", "https://access.redhat.com/errata/RHSA-2025:12241", "https://access.redhat.com/errata/RHSA-2025:13267", "https://access.redhat.com/errata/RHSA-2025:13289", "https://access.redhat.com/errata/RHSA-2025:13325", "https://access.redhat.com/errata/RHSA-2025:13335", "https://access.redhat.com/errata/RHSA-2025:13336", "https://access.redhat.com/errata/RHSA-2025:14059", "https://access.redhat.com/errata/RHSA-2025:14396", "https://access.redhat.com/errata/RHSA-2025:15308", "https://access.redhat.com/errata/RHSA-2025:15672", "https://access.redhat.com/errata/RHSA-2025:19020", "https://access.redhat.com/security/cve/CVE-2025-6021", "https://bugzilla.redhat.com/show_bug.cgi?id=2372406", "https://gitlab.gnome.org/GNOME/libxml2/-/issues/926"]
+
+[[affected]]
+pkg = "XML2_jll"
+ranges = ["< 2.14.4+0"]
+
+[[jlsec_sources]]
+id = "CVE-2025-6021"
+imported = 2025-10-28T03:25:16.564Z
+modified = 2025-10-27T18:15:44.393Z
+published = 2025-06-12T13:15:25.590Z
+url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2025-6021"
+html_url = "https://nvd.nist.gov/vuln/detail/CVE-2025-6021"
+```
+
+# A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calcula...
+
+A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input.
+

advisories/published/2025/JLSEC-2025-96.md

@@ -4,16 +4,16 @@ id = "JLSEC-2025-96"
 modified = 2025-10-27T15:37:42.477Z
 published = 2025-10-19T18:40:48.457Z
 upstream = ["CVE-2025-5318"]
-references = ["https://access.redhat.com/errata/RHSA-2025:18231", "https://access.redhat.com/errata/RHSA-2025:18275", "https://access.redhat.com/errata/RHSA-2025:18286", "https://access.redhat.com/errata/RHSA-2025:19012", "https://access.redhat.com/errata/RHSA-2025:19098", "https://access.redhat.com/security/cve/CVE-2025-5318", "https://bugzilla.redhat.com/show_bug.cgi?id=2369131", "https://www.libssh.org/security/advisories/CVE-2025-5318.txt"]
+references = ["https://access.redhat.com/errata/RHSA-2025:18231", "https://access.redhat.com/errata/RHSA-2025:18275", "https://access.redhat.com/errata/RHSA-2025:18286", "https://access.redhat.com/errata/RHSA-2025:19012", "https://access.redhat.com/errata/RHSA-2025:19098", "https://access.redhat.com/errata/RHSA-2025:19101", "https://access.redhat.com/security/cve/CVE-2025-5318", "https://bugzilla.redhat.com/show_bug.cgi?id=2369131", "https://www.libssh.org/security/advisories/CVE-2025-5318.txt"]
 
 [[affected]]
 pkg = "libssh_jll"
 ranges = ["< 0.11.3+0"]
 
 [[jlsec_sources]]
 id = "CVE-2025-5318"
-imported = 2025-10-27T03:36:38.473Z
-modified = 2025-10-27T03:15:51.067Z
+imported = 2025-10-28T03:25:17.804Z
+modified = 2025-10-27T09:15:37.970Z
 published = 2025-06-24T14:15:30.523Z
 url = "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2025-5318"
 html_url = "https://nvd.nist.gov/vuln/detail/CVE-2025-5318"