libxml2: bugfix updates from git upstream (5ad81ab0) · Commits · jan / nixpkgs

Unverified Commit 5ad81ab0 authored Feb 16, 2017 by

Vladimír Čunát

libxml2: bugfix updates from git upstream

This should solve CVE-2016-5131 and some other bugs, but not what Suse
calls CVE-2016-9597: https://bugzilla.suse.com/show_bug.cgi?id=1017497
The bugzilla discussion seems to indicate that the CVE is referenced
incorrectly and only shows reproducing when using command-line flags
that are considered "unsafe".

CVE-2016-9318 also remains unfixed, as I consider their reasoning OK:
https://lwn.net/Alerts/714411/

/cc #22826.

parent 524de86d

Hide whitespace changes

Inline Side-by-side

Please register or to comment