On 30/01/2019 10:36, Alexander Dahl wrote:
What about CVE-2017-8872?
Debian (and SuSE) have a patch:
https://sources.debian.org/patches/libxml2/2.9.8+dfsg-1/0003-CVE-2017-8872.patch/
https://security-tracker.debian.org/tracker/CVE-2017-8872
According to
Hei hei,
Am Donnerstag, 3. Januar 2019, 20:30:29 CET schrieb Daniel Veillard via xml:
> Security:
> - CVE-2018-9251 CVE-2018-14567 Fix infinite loop in LZMA decompression (Nick
> Wellnhofer) - CVE-2018-14404 Fix nullptr deref with XPath logic ops (Nick
> Wellnhofer)
What about CVE-2017-8872?
Happy New Year,
the release is finally out, I just tagged it in git and pushed signed
tarball and rpms to the usual place:
ftp://xmlsoft.org/libxml2/
this is a mixed release, it includes security fixes, bug fixes as well
as improvement and portability fixes for cygwin:
Security:
-