Re: [xml] Release of libxml2-2.9.9

Hei hei,

On Thursday, 3 January 2019, 20:30:29 CET, Daniel Veillard via xml wrote:
> - CVE-2018-9251 CVE-2018-14567 Fix infinite loop in LZMA decompression (Nick Wellnhofer)
> - CVE-2018-14404 Fix nullptr deref with XPath logic ops (Nick

What about CVE-2017-8872?

Debian (and SuSE) have a patch:

According to and that might have been fixed by 
accident with git commit v2.9.8-26-g123234f2?

The Debian patch still applies on 2.9.9, but I don't understand libxml2 well 
enough to say if it is harmful now and should be dropped? I also cannot say 
if CVE-2017-8872 is really mitigated with v2.9.8-26-g123234f2?

Anyone else?

