This patch fixes CVE-2016-4658 and CVE-2016-5131 in libxml2. I noticed that Debian applied several more upstream changes to their package:
https://anonscm.debian.org/cgit/debian-xml-sgml/libxml2.git/tree/debian/patches Here is the upstream repository: https://git.gnome.org/browse/libxml2/log/ Your thoughts? Leo Famulari (1): gnu: libxml: Fix CVE-2016-{4658,5131}. gnu/local.mk | 2 + gnu/packages/patches/libxml2-CVE-2016-4658.patch | 257 +++++++++++++++++++++++ gnu/packages/patches/libxml2-CVE-2016-5131.patch | 218 +++++++++++++++++++ gnu/packages/xml.scm | 2 + 4 files changed, 479 insertions(+) create mode 100644 gnu/packages/patches/libxml2-CVE-2016-4658.patch create mode 100644 gnu/packages/patches/libxml2-CVE-2016-5131.patch -- 2.11.0
