Your message dated Wed, 29 Oct 2014 06:35:09 +0800 with message-id <CAMr=8w7N49H7niUkOJyW3uvcQNwA2M=l-8cywrydjge7ds2...@mail.gmail.com> and subject line has caused the Debian Bug report #762864, regarding libxml2 patch for CVE-2014-0191 wrongly applied to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.)

--
762864: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=762864
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: libxml2
Version: 2.7.8.dfsg-2+squeeze9 2.8.0+dfsg1-7+wheezy1
Severity: important
Tags: security

Hi,

The patch applied to libxml2 for wheezy and squeeze-lts for CVE-2014-0191 seems to be applied wrong. A line is duplicated in xmlSAXParseDTD:

@@ -12324,6 +12341,12 @@ xmlSAXParseDTD(xmlSAXHandlerPtr sax, const xmlChar *ExternalID, return(NULL); } + /* We are loading a DTD */ + ctxt->options |= XML_PARSE_DTDLOAD; + + /* We are loading a DTD */ + ctxt->options |= XML_PARSE_DTDLOAD; + /* * Set-up the SAX context */

while the upstream patch applies that line twice, but once each for two different functions as seen in https://git.gnome.org/browse/libxml2/commit/?id=dd8367da17c2948981a51e52c8a6beb445edf825

Can you look into fixes for this?

Cheers,
Thijs
--- End Message ---
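Review bot: In xmlSAXParseDTD the added pair `/* We are loading a DTD */` and `ctxt->options |= XML_PARSE_DTDLOAD;` appears twice back to back in this one hunk. OR-ing the same flag into ctxt->options a second time changes nothing, so the second copy is dead weight here. Since the report says the upstream commit places one copy in each of two different functions, the second function is left without the flag in this backport. Drop the duplicate from xmlSAXParseDTD and add the assignment to the other function changed by the linked upstream commit, then confirm that the hunk's line counts still match the packaged source.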
--- Begin Message ---
Source: libxml2
Source-Version: 2.8.0+dfsg1-7+wheezy2

Fixed in wheezy security update.
--- End Message ---

