Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
libxml2: bugfix updates from git upstream
This should solve CVE-2016-5131 and some other bugs, but not what Suse calls CVE-2016-9597: https://bugzilla.suse.com/show_bug.cgi?id=1017497 The bugzilla discussion seems to indicate that the CVE is referenced incorrectly and only shows reproducing when using command-line flags that are considered "unsafe". CVE-2016-9318 also remains unfixed, as I consider their reasoning OK: https://lwn.net/Alerts/714411/ /cc #22826.
- Loading branch information
5ad81ab
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should this be applied to 16.09 as well?
5ad81ab
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, and you did so: 1cc9887. I was originally waiting for rebuild to finish on staging to get more confidence it won't break anything.