Fix CVE-2025-49795 (RHEL-96408)

Resolves: RHEL-96408

libxml2-2.12.5-CVE-2025-49795.patch

@@ -0,0 +1,28 @@
+From ea338a6ddc9b9e2699d4d15990832549156a92c0 Mon Sep 17 00:00:00 2001
+From: Michael Mann <mmann78@netscape.net>
+Date: Sat, 21 Jun 2025 12:11:30 -0400
+Subject: [PATCH] Schematron: Fix null pointer dereference leading to DoS
+
+(CVE-2025-49795)
+
+Fixes #932
+---
+ schematron.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/schematron.c b/schematron.c
+index 5c1a27bf1..d33755e6d 100644
+--- a/schematron.c
++++ b/schematron.c
+@@ -1453,6 +1453,8 @@ xmlSchematronFormatReport(xmlSchematronValidCtxtPtr ctxt,
+             select = xmlGetNoNsProp(child, BAD_CAST "select");
+             comp = xmlXPathCtxtCompile(ctxt->xctxt, select);
+             eval = xmlXPathCompiledEval(comp, ctxt->xctxt);
++            if (eval == NULL)
++                return ret;
+ 
+             switch (eval->type) {
+             case XPATH_NODESET: {
+-- 
+GitLab
+

libxml2.spec

@@ -28,6 +28,8 @@ Patch4:         libxml2-2.12.5-CVE-2025-24928.patch
 Patch5:         libxml2-2.12.5-CVE-2025-6021.patch
 # https://issues.redhat.com/browse/RHEL-96995
 Patch6:         libxml2-2.12.5-CVE-2025-49794.patch
+# https://issues.redhat.com/browse/RHEL-96408
+Patch7:         libxml2-2.12.5-CVE-2025-49795.patch
 
 BuildRequires:  cmake-rpm-macros
 BuildRequires:  gcc
@@ -171,6 +173,7 @@ popd
 * Mon Jun 16 2025 David King <dking@redhat.com> - 2.12.5-6
 - Fix CVE-2025-6021 (RHEL-96495)
 - Fix CVE-2025-49794 (RHEL-96395)
+- Fix CVE-2025-49795 (RHEL-96408)
 
 * Mon Feb 24 2025 David King <dking@redhat.com> - 2.12.5-5
 - Fix CVE-2024-56171 (RHEL-80119)