Branch: refs/heads/staging Home: https://github.com/NixOS/nixpkgs Commit: 5ad81ab09c86a7acc99b31224a6aeb8fca4c152e https://github.com/NixOS/nixpkgs/commit/5ad81ab09c86a7acc99b31224a6aeb8fca4c152e Author: Vladimír Čunát <vcu...@gmail.com> Date: 2017-02-16 (Thu, 16 Feb 2017)
Changed paths: M pkgs/development/libraries/libxml2/default.nix Log Message: ----------- libxml2: bugfix updates from git upstream This should solve CVE-2016-5131 and some other bugs, but not what Suse calls CVE-2016-9597: https://bugzilla.suse.com/show_bug.cgi?id=1017497 The bugzilla discussion seems to indicate that the CVE is referenced incorrectly and only shows reproducing when using command-line flags that are considered "unsafe". CVE-2016-9318 also remains unfixed, as I consider their reasoning OK: https://lwn.net/Alerts/714411/ /cc #22826.
_______________________________________________ nix-commits mailing list nix-comm...@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-commits