On Wed, Jun 08, 2016 at 01:10:16PM +0300, Efraim Flashner wrote: > On Tue, Jun 07, 2016 at 08:54:05PM -0400, Leo Famulari wrote: > > Leo Famulari (3): > > gnu: expat: Fix CVE-2016-0718. > > gnu: Remove unused patch. > > gnu: libxslt: Update to 1.1.29. > > FWIW debian's expat-2.1.1(-3) still has the cve-2015-1283 applied. Also, > there's 2 new cves, cve-2012-6702 and cve-2016-5300 > https://www.debian.org/security/2016/dsa-3597 > https://sources.debian.net/src/expat/2.1.1-3/debian/patches/
Thanks for the review! Okay, later today I'll revise this patchset, and also try patching the master branch's expat against the newly disclosed bugs.
