[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: testing libxml2 for Wheezy LTS



Hi,
On Tue, Nov 28, 2017 at 10:27:13PM +0100, Thorsten Alteholz wrote:
> Hi everybody,
> 
> I uploaded version 2.8.0+dfsg1-7+wheezy11 of libxml2 to:
> 
> https://people.debian.org/~alteholz/packages/wheezy-lts/libxml2/
> 
> Please give it a try and tell me about any problems you met.

I've tested the package with libvirt (that relies on it for XML parsing)
and did not encounter any issues.
Cheers,
 -- Guido

> 
> Thanks!
>  Thorsten
> 
> 
> CVE-2017-16931
>      parser.c in libxml2 before 2.9.5 mishandles parameter-entity
>      references because the NEXTL macro calls the
>      xmlParserHandlePEReference function in the case of a '%' character
>      in a DTD name.
> 
> CVE-2017-16932
>      parser.c in libxml2 before 2.9.5 does not prevent infinite
>      recursion in parameter entities.
> 
> 


Reply to: