GNU bug report logs -
#28294
[PATCH] gnu: libxml2: Fix CVE-2017-{0663, 7375, 7376, 9047, 9048, 9049, 9050}.
Previous Next
Reported by: Alex Vong <alexvong1995 <at> gmail.com>
Date: Wed, 30 Aug 2017 13:33:02 UTC
Severity: important
Tags: patch, security
Done: Marius Bakke <mbakke <at> fastmail.com>
Bug is archived. No further changes may be made.
Full log
Message #16 received at 28294-done <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
Alex Vong <alexvong1995 <at> gmail.com> writes:
> Marius Bakke <mbakke <at> fastmail.com> writes:
>
>> Alex Vong <alexvong1995 <at> gmail.com> writes:
>>
>>> Severity: important
>>> Tags: patch security
>>>
>>> Hi,
>>>
>>> This patch fixes CVEs of libxml2. The changes to 'runtest.c' in
>>> 'libxml2-CVE-2017-9049+CVE-2017-9050.patch are removed since they
>>> introduce test failure. The changes only enable new tests so it should
>>> be fine to remove them.
>>
>> Thanks for this! I think we have to graft this fix since changing
>> 'libxml2' would rebuild 2/3 of the tree. Can you try that?
>>
>> PS: Do you have a Savannah account? I'm sure Ludo or someone can add
>> you given the steady rate of quality commits.
>
> Sure, here is the new patch:
Pushed, thanks! I added tabs before the line breaks in gnu/local.mk,
but otherwise untouched.
Side note: I think we should start adding patches as origins instead of
copying them wholesale, to try and keep the git repository slim.
[signature.asc (application/pgp-signature, inline)]
This bug report was last modified 7 years and 260 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.