Hi everybody, I uploaded version 2.8.0+dfsg1-7+wheezy11 of libxml2 to:
https://people.debian.org/~alteholz/packages/wheezy-lts/libxml2/ Please give it a try and tell me about any problems you met. Thanks! Thorsten CVE-2017-16931 parser.c in libxml2 before 2.9.5 mishandles parameter-entity references because the NEXTL macro calls the xmlParserHandlePEReference function in the case of a '%' character in a DTD name. CVE-2017-16932 parser.c in libxml2 before 2.9.5 does not prevent infinite recursion in parameter entities.
