Re: testing libxml2 for Wheezy LTS

To: Thorsten Alteholz <debian@alteholz.de>
Cc: debian-lts@lists.debian.org
Subject: Re: testing libxml2 for Wheezy LTS
From: Guido Günther <agx@sigxcpu.org>
Date: Thu, 30 Nov 2017 11:38:48 +0100
Message-id: <[🔎] 20171130103848.asodd6m3gzrdclnh@bogon.m.sigxcpu.org>
Mail-followup-to: Guido Günther <agx@sigxcpu.org>, Thorsten Alteholz <debian@alteholz.de>, debian-lts@lists.debian.org
In-reply-to: <[🔎] alpine.DEB.2.02.1711282225210.19451@jupiter.server.alteholz.net>
References: <[🔎] alpine.DEB.2.02.1711282225210.19451@jupiter.server.alteholz.net>

Hi,
On Tue, Nov 28, 2017 at 10:27:13PM +0100, Thorsten Alteholz wrote:
> Hi everybody,
> 
> I uploaded version 2.8.0+dfsg1-7+wheezy11 of libxml2 to:
> 
> https://people.debian.org/~alteholz/packages/wheezy-lts/libxml2/
> 
> Please give it a try and tell me about any problems you met.

I've tested the package with libvirt (that relies on it for XML parsing)
and did not encounter any issues.
Cheers,
 -- Guido

> 
> Thanks!
>  Thorsten
> 
> 
> CVE-2017-16931
>      parser.c in libxml2 before 2.9.5 mishandles parameter-entity
>      references because the NEXTL macro calls the
>      xmlParserHandlePEReference function in the case of a '%' character
>      in a DTD name.
> 
> CVE-2017-16932
>      parser.c in libxml2 before 2.9.5 does not prevent infinite
>      recursion in parameter entities.
> 
>

Reply to:

Follow-Ups:
- Re: testing libxml2 for Wheezy LTS
  - From: Thorsten Alteholz <debian@alteholz.de>

References:
- testing libxml2 for Wheezy LTS
  - From: Thorsten Alteholz <debian@alteholz.de>

Prev by Date: [PATCH] report-vuln: allow to invoke mailer
Next by Date: Re: testing libxml2 for Wheezy LTS
Previous by thread: testing libxml2 for Wheezy LTS
Next by thread: Re: testing libxml2 for Wheezy LTS
Index(es):
- Date
- Thread