Hi, On Tue, Nov 28, 2017 at 10:27:13PM +0100, Thorsten Alteholz wrote: > Hi everybody, > > I uploaded version 2.8.0+dfsg1-7+wheezy11 of libxml2 to: > > https://people.debian.org/~alteholz/packages/wheezy-lts/libxml2/ > > Please give it a try and tell me about any problems you met.
I've tested the package with libvirt (that relies on it for XML parsing) and did not encounter any issues. Cheers, -- Guido > > Thanks! > Thorsten > > > CVE-2017-16931 > parser.c in libxml2 before 2.9.5 mishandles parameter-entity > references because the NEXTL macro calls the > xmlParserHandlePEReference function in the case of a '%' character > in a DTD name. > > CVE-2017-16932 > parser.c in libxml2 before 2.9.5 does not prevent infinite > recursion in parameter entities. > >
