GNU bug report logs - #28294
[PATCH] gnu: libxml2: Fix CVE-2017-{0663, 7375, 7376, 9047, 9048, 9049, 9050}.

Previous Next

Package: guix-patches;

Reported by: Alex Vong <alexvong1995 <at> gmail.com>

Date: Wed, 30 Aug 2017 13:33:02 UTC

Severity: important

Tags: patch, security

Done: Marius Bakke <mbakke <at> fastmail.com>

Bug is archived. No further changes may be made.

Full log

Message #8 received at 28294 <at> debbugs.gnu.org (full text, mbox):

From: Marius Bakke <mbakke <at> fastmail.com>
To: Alex Vong <alexvong1995 <at> gmail.com>, 28294 <at> debbugs.gnu.org
Subject: Re: [bug#28294] [PATCH] gnu: libxml2: Fix CVE-2017-{0663, 7375, 7376,
 9047, 9048, 9049, 9050}.
Date: Wed, 30 Aug 2017 20:57:37 +0200

[Message part 1 (text/plain, inline)]

Alex Vong <alexvong1995 <at> gmail.com> writes:

> Severity: important
> Tags: patch security
>
> Hi,
>
> This patch fixes CVEs of libxml2. The changes to 'runtest.c' in
> 'libxml2-CVE-2017-9049+CVE-2017-9050.patch are removed since they
> introduce test failure. The changes only enable new tests so it should
> be fine to remove them.

Thanks for this!  I think we have to graft this fix since changing
'libxml2' would rebuild 2/3 of the tree.  Can you try that?

PS: Do you have a Savannah account?  I'm sure Ludo or someone can add
you given the steady rate of quality commits.

[signature.asc (application/pgp-signature, inline)]

This bug report was last modified 7 years and 260 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #28294 [PATCH] gnu: libxml2: Fix CVE-2017-{0663, 7375, 7376, 9047, 9048, 9049, 9050}.

GNU bug report logs - #28294
[PATCH] gnu: libxml2: Fix CVE-2017-{0663, 7375, 7376, 9047, 9048, 9049, 9050}.