Hi Don, Am 24.08.2018 um 06:56 schrieb Don Lewis: > We currently bundle libxml2 version 2.9.4 with trunk. That version of > libxml2 has four CVEs. Fortunately they can only be used to cause a > crash (DoS) instead of something worse. > > There is one CVE for version 2.9.8, but the vulnerability (an infinite > loop DoS) can only be triggered if libxml2 is built with lzma support, > which we do not. > > While here also upgrade libxslt to the latest version since both > libraries come from the same upstream and work together. > > Light testing on Windows and CentOS 6 didn't turn up any problems.
My Windows build based on r1838788 and your patch applied was successful. First test show no anomalies. Regards, Matthias > > OpenOffice on FreeBSD uses the system versions of libxml, version 2.9.7, > and libxslt, version 1.1.32. No problems have been reported with those > versions. > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected]
smime.p7s
Description: S/MIME Cryptographic Signature
