libxml2 2.9.4 is released, with a lot of fixed bugs, both with and without CVE IDs:
https://git.gnome.org/browse/libxml2/log/ This patch updates the existing graft by removing patches for two of these fixed bugs, and updating to 2.9.4, fixing 10 additional CVE bugs. The question is: will it work to graft 2.9.4 in place of 2.9.3? Can anyone recommend a package that uses libxml2 in an obvious way (e.g. for parsing an XML configuration file)? Leo Famulari (1): gnu: libxml2: Update replacement to 2.9.4 [security fixes]. gnu/local.mk | 2 - gnu/packages/patches/libxml2-CVE-2016-3627.patch | 61 --------------------- gnu/packages/patches/libxml2-CVE-2016-3705.patch | 68 ------------------------ gnu/packages/xml.scm | 14 +++-- 4 files changed, 10 insertions(+), 135 deletions(-) delete mode 100644 gnu/packages/patches/libxml2-CVE-2016-3627.patch delete mode 100644 gnu/packages/patches/libxml2-CVE-2016-3705.patch -- 2.8.3
