import CS git libxml2-2.9.7-21.el8_10.5

SOURCES/libxml2-2.9.13-CVE-2024-34459.patch

@@ -0,0 +1,26 @@
+From 8ddc7f13337c9fe7c6b6e616f404b0fffb8a5145 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Wed, 8 May 2024 11:49:31 +0200
+Subject: [PATCH] [CVE-2024-34459] Fix buffer overread with `xmllint --htmlout`
+
+Add a missing bounds check.
+---
+ xmllint.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/xmllint.c b/xmllint.c
+index 0e433b721..62f6b0273 100644
+--- a/xmllint.c
++++ b/xmllint.c
+@@ -559,7 +559,7 @@ xmlHTMLPrintFileContext(xmlParserInputPtr input) {
+     len = strlen(buffer);
+     snprintf(&buffer[len], sizeof(buffer) - len, "\n");
+     cur = input->cur;
+-    while ((*cur == '\n') || (*cur == '\r'))
++    while ((cur > base) && ((*cur == '\n') || (*cur == '\r')))
+ 	cur--;
+     n = 0;
+     while ((cur != base) && (n++ < 80)) {
+-- 
+GitLab
+

SPECS/libxml2.spec

@@ -7,7 +7,7 @@
 
 Name:           libxml2
 Version:        2.9.7
-Release:        21%{?dist}.4
+Release:        21%{?dist}.5
 Summary:        Library providing XML and HTML support
 
 License:        MIT
@@ -85,6 +85,8 @@ Patch33:        libxml2-2.9.7-CVE-2025-7425.patch
 Patch34:         libxml2-2.12.5-CVE-2025-32415.patch
 # https://issues.redhat.com/browse/RHEL-119279
 Patch35:         libxml2-2.9.7-CVE-2025-9714.patch
+# https://redhat.atlassian.net/browse/RHEL-36405
+Patch36:         libxml2-2.9.13-CVE-2024-34459.patch
 
 BuildRequires:  gcc
 BuildRequires:  cmake-rpm-macros
@@ -256,6 +258,9 @@ gzip -9 -c doc/libxml2-api.xml > doc/libxml2-api.xml.gz
 %{python3_sitearch}/libxml2mod.so
 
 %changelog
+* Mon May 18 2026 David King <dking@redhat.com> - 2.9.7-21.5
+- Fix CVE-2024-34459 (RHEL-36405)
+
 * Tue Dec 09 2025 David King <dking@redhat.com> - 2.9.7-21.4
 - Fix CVE-2025-9714 (RHEL-119279)