Hi,

On Tue, May 04, 2021 at 09:19:20PM +0200, Salvatore Bonaccorso wrote:
> Package: release.debian.org
> Severity: normal
> User: [email protected]
> Usertags: unblock
> X-Debbugs-Cc: [email protected]
>
> Dear release team
>
> This is a pre-approval request to please unblock package libxml2 (not
> yet uploaded to unstable, but to experimental so far as
> 2.9.10+dfsg-6.4).
>
> Please unblock package libxml2
>
> [ Reason ]
>
> The update would fix three CVEs recently reported, CVE-2021-3516
> (#987739), CVE-2021-3517 (#987738) and CVE-2021-3518 (#987737).
> Which are not very severe but we still wanted to try to get fixes into
> bullseye.
>
> [ Impact ]
>
> Package still affected by those CVEs.
>
> [ Tests ]
>
> For those three CVEs PoCs are available, which I had tested before and
> with the fix, except CVE-2021-3516, which I could not trigger the
> issue, but the change is simple.
>
> Furthermore given I uploaded to experimental there was additional
> exposure by the autopkgtests. From those as you can see from
> https://release.debian.org/britney/pseudo-excuses-experimental.html
> three marked regressions, but both balsa and kopanocore were already
> before failing. For libreoffice the tests somehow are flapping where
> they fail, I do not see a relation to the libxml2 here. libreoffice
> failed there in the last run for uicheck-sc test (triggered by
> python3.9), but in the libxml2 case it failed for the uicheck-sw test
> and for the previous failure it was again one other test.

To confirm: And in fact just one other run did not fail:

https://ci.debian.net/data/autopkgtest/unstable/amd64/libr/libreoffice/12125523/log.gz

Regards,
Salvatore

