On 2014-10-30 09:19:30 +0100, intrigeri wrote:
> Vincent Lefevre wrote (30 Oct 2014 02:39:02 GMT) :
> > On 2014-10-29 23:34:37 +0100, intrigeri wrote:
> >> Does this bug really make libxml2 unusable for everybody?
>
> > This is a major regression. Many users may be affected.
>
> That's exactly what I was trying to evaluate :)
It's rather difficult to say about users. One can already look at
software using XML files that may be affected by the bug. I've done a
quick search on 'ENTITY.*SYSTEM' on the few sources that are present
on my machine (this concerns only some software I needed to build or
look at). I suppose that gdm documentation is affected: gdm/docs/C
has:
* index.docbook which contains:
<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.1.2//EN"
"http://www.oasis-open.org/docbook/xml/4.1.2/docbookx.dtd"; [
<!ENTITY legal SYSTEM "legal.xml">
<!ENTITY version "2.26.0">
<!ENTITY date "02/10/2009">
<!ENTITY mdash "—">
<!ENTITY percnt "%">
]>
* legal.xml which contains:
<legalnotice id="legalnotice">
so that I suppose that the bug would appear on it. The consequences
depend on what is done with this, but using the buggy libxml2 version
would make this DocBook file appear as invalid. Ideally validation
should really be done at build time and/or with "make check", so that
if everything is done correctly, you can consider this like a build
failure.
--
Vincent Lefèvre <vinc...@vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
