Errata overview
Errata ID 340
Date 2016-12-01
Source package libxml2
Fixed in version 2.8.0+dfsg1-7.57.201611102030
This update addresses the following issue(s):
* libxml2 in Apple iOS before 10, OS X before 10.12, tvOS before 10, and
  watchOS before 3 allows remote attackers to execute arbitrary code or
  cause a denial of service (memory corruption) via a crafted XML document
* legacy xmlXPtrRangeToFunction could be abused to trigger use-after-free
error with the potential for remote code execution (CVE-2016-5131)
Additional notes
CVE ID CVE-2016-4658
UCS Bug number #42892