testing libxml2 for Wheezy LTS

To: debian-lts@lists.debian.org
Subject: testing libxml2 for Wheezy LTS
From: Thorsten Alteholz <debian@alteholz.de>
Date: Tue, 28 Nov 2017 22:27:13 +0100 (CET)
Message-id: <[🔎] alpine.DEB.2.02.1711282225210.19451@jupiter.server.alteholz.net>

Hi everybody,

I uploaded version 2.8.0+dfsg1-7+wheezy11 of libxml2 to:

https://people.debian.org/~alteholz/packages/wheezy-lts/libxml2/

Please give it a try and tell me about any problems you met.

Thanks!
 Thorsten


CVE-2017-16931
     parser.c in libxml2 before 2.9.5 mishandles parameter-entity
     references because the NEXTL macro calls the
     xmlParserHandlePEReference function in the case of a '%' character
     in a DTD name.

CVE-2017-16932
     parser.c in libxml2 before 2.9.5 does not prevent infinite
     recursion in parameter entities.

Reply to:

Follow-Ups:
- Re: testing libxml2 for Wheezy LTS
  - From: Guido Günther <agx@sigxcpu.org>

Prev by Date: Re: About libreoffice CVE
Next by Date: [PATCH 1/3] report-vuln: Use spaces instead of tabs
Previous by thread: reportbug: please inform security and lts teams about security update regressions
Next by thread: Re: testing libxml2 for Wheezy LTS
Index(es):
- Date
- Thread