Incomplete fix for CVE-2015-7942/libxml2?

To: debian-lts@lists.debian.org
Cc: Thorsten Alteholz <debian@alteholz.de>
Subject: Incomplete fix for CVE-2015-7942/libxml2?
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Mon, 23 Nov 2015 18:36:00 +0100
Message-id: <[🔎] 20151123173600.GA28415@eldamar.local>
Mail-followup-to: debian-lts@lists.debian.org, Thorsten Alteholz <debian@alteholz.de>

Hi

While checking the issues of libxml2 for wheezy, jessie and unstable I
noticed that the squeeze-lts version already addressing CVE-2015-7942
misses one bit.

https://git.gnome.org/browse/libxml2/commit/?id=bd0526e66a56e75a18da8c15c4750db8f801c52d

was applied, but not

https://git.gnome.org/browse/libxml2/commit/?id=41ac9049a27f52e7a1f3b341f8714149fc88d450

So a next libxml2 update for squeeze-lts might need the second commit
as well.

HTH,

Regards,
Salvatore

Reply to:

Prev by Date: Re: Unsupported packages for Wheezy LTS
Next by Date: Please test eglibc 2.11.3-4+deb6u8
Previous by thread: squeeze update of libxml2?
Next by thread: Please test eglibc 2.11.3-4+deb6u8
Index(es):
- Date
- Thread