Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: libxml2 (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to libxml2 in Ubuntu.
https://bugs.launchpad.net/bugs/1322039
Title:
xmllint --xinclude --postvalid broken by CVE-2014-0191 fix
Status in “libxml2” package in Ubuntu:
Confirmed
Bug description:
The fix for CVE-2014-0191 changed the parser to not load external
entities unless in noent or validating mode. Unfortunately, this
breaks "xmllint --xinclude --postvalid" when (for example) validating
docbook files, and as a result this breaks the build for a number of
distro packages.
I stole this report from the Gentoo bug database, but it also applies
to Ubuntu. The related bug reports:
Gentoo:
https://bugs.gentoo.org/show_bug.cgi?id=510508
- libxml2-2.9.1-r3 fails
- libxml2-2.9.1-r4 works
Upstream, includes patch:
https://bugzilla.gnome.org/show_bug.cgi?id=730290
Ubuntu package:
- 2.9.1+dfsg1-3ubuntu4 works
- 2.9.1+dfsg1-3ubuntu4.1 fails
Temporary solution is to downgrade:
- apt-get install libxml2-dev=2.9.1+dfsg1-3ubuntu4
libxml2=2.9.1+dfsg1-3ubuntu4
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libxml2/+bug/1322039/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
