Re: testing libxml2 for Wheezy LTS
Hi,
On Tue, Nov 28, 2017 at 10:27:13PM +0100, Thorsten Alteholz wrote:
> Hi everybody,
>
> I uploaded version 2.8.0+dfsg1-7+wheezy11 of libxml2 to:
>
> https://people.debian.org/~alteholz/packages/wheezy-lts/libxml2/
>
> Please give it a try and tell me about any problems you met.

I've tested the package with libvirt (that relies on it for XML parsing)
and did not encounter any issues.

Cheers,
 -- Guido

>
> Thanks!
> Thorsten
>
>
> CVE-2017-16931
> parser.c in libxml2 before 2.9.5 mishandles parameter-entity
> references because the NEXTL macro calls the
> xmlParserHandlePEReference function in the case of a '%' character
> in a DTD name.
>
> CVE-2017-16932
> parser.c in libxml2 before 2.9.5 does not prevent infinite
> recursion in parameter entities.
>
>