On 2021-09-20 17:50:56 +0200, Thorsten Glaser wrote: > > > But if this upstream change affects DTDs that were once released, maybe > > > it should accept, but ignore, this specific wrong redeclaration. > > > > Perhaps. This should probably be first talked with upstream. > > So indeed. Can one of you bring this to them? (My contributions to > libxml2 don’t appear to be liked, even if multiple CVEs could have > been avoided by applying them.)
Done here: https://gitlab.gnome.org/GNOME/libxml2/-/issues/307 I've also reported https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=994795 against w3-dtd-mathml, which has a similar issue (also invalid redeclarations of the amp and lt entities, though these redeclarations are different from the w3c-dtd-xhtml ones). BTW, this doesn't affect only validation, but also entity resolution, e.g. when using "xmllint --noent", which makes the issue even worse. -- Vincent Lefèvre <vinc...@vinc17.net> - Web: <https://www.vinc17.net/> 100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/> Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
