Re: Wheezy update of libxml2?
Hi LTS team
I have started to look into CVE-2016-9318. The solution to this
problem is to introduce a new option that make it possible to disallow
any external entity references. As this is a library it means that all
applications have to be updated to utilize this. Also in many
situations this is actually not advisable unless this is an admin
decision so a new configuration option is needed for all such
Unless anyone object I will mark CVE-2016-9318 as no-dsa.
On 6 January 2017 at 09:33, Aron Xu <email@example.com> wrote:
> On Sun, Jan 1, 2017 at 4:59 AM, Ola Lundqvist <firstname.lastname@example.org> wrote:
>> Hello dear maintainer(s),
>> the Debian LTS team would like to fix the security issues which are
>> currently open in the Wheezy version of libxml2:
>> Would you like to take care of this yourself?
>> If yes, please follow the workflow we have defined here:
>> If that workflow is a burden to you, feel free to just prepare an
>> updated source package and send it to email@example.com
>> (via a debdiff, or with an URL pointing to the source package,
>> or even with a pointer to your packaging repository), and the members
>> of the LTS team will take care of the rest. Indicate clearly whether you
>> have tested the updated package or not.
>> If you don't want to take care of this update, it's not a problem, we
>> will do our best with your package. Just let us know whether you would
>> like to review and/or test the updated package before it gets released.
>> You can also opt-out from receiving future similar emails in your
>> answer and then the LTS Team will take care of libxml2 updates
>> for the LTS releases.
> I'm not quite interested in backporting the fixes to LTS branch at
> this moment, but CC'ing the XML/SGML group to see if there's anyone
> else interested...
--- Inguza Technology AB --- MSc in Information Technology ----
/ firstname.lastname@example.org Folkebogatan 26 \
| email@example.com 654 68 KARLSTAD |
| http://inguza.com/ Mobile: +46 (0)70-332 1551 |
\ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 /