
Re: Bug#774358: libxml2: CVE-2014-3660 patch makes installation-guide FTBFS



Samuel Thibault <sthibault@debian.org> (2015-01-01):
> Source: libxml2
> Version: 2.8.0+dfsg1-7+wheezy2
> Severity: serious
> Justification: makes other package FTBFS
> 
> Hello,
> 
> The cve-2014-3660.patch patch makes installation-guide FTBFS: 
> 
> Entity: line 2: parser error : Detected an entity reference loop
> <ulink url="&downloadable-file;images/orion5x/network-console/buffalo/kuroboxpro
>                                ^
> /tmp/manual/en/install-methods/download/arm.xml:40: parser error : Detected an entity reference loop
>                               ^
> 
> while there is actually no reference loop there.
> 
> 
> It seems cve-2014-3660.patch is assuming that git commit cff2546 is
> applied: notably it copies this code as it is:
> 
> +                       ent->checked = (ctxt->nbentities - oldnbent + 1) * 2;
> 
> but in libxml2 2.8.0, it was still
> 
>                        ent->checked = ctxt->nbentities - oldnbent + 1;
> 
> and other parts of the code assume that too.  The attached patch fixes
> this confusion.

Many thanks for the investigation and the bug report…

Mraw,
KiBi.
