Branch: refs/heads/staging
  Home:   https://github.com/NixOS/nixpkgs
  Commit: 5ad81ab09c86a7acc99b31224a6aeb8fca4c152e
      https://github.com/NixOS/nixpkgs/commit/5ad81ab09c86a7acc99b31224a6aeb8fca4c152e
  Author: Vladimír Čunát <vcu...@gmail.com>
  Date:   2017-02-16 (Thu, 16 Feb 2017)

  Changed paths:
    M pkgs/development/libraries/libxml2/default.nix

  Log Message:
  -----------
  libxml2: bugfix updates from git upstream

This should solve CVE-2016-5131 and some other bugs, but not what Suse
calls CVE-2016-9597: https://bugzilla.suse.com/show_bug.cgi?id=1017497
The bugzilla discussion seems to indicate that the CVE is referenced
incorrectly and only shows reproducing when using command-line flags
that are considered "unsafe".

CVE-2016-9318 also remains unfixed, as I consider their reasoning OK:
https://lwn.net/Alerts/714411/

/cc #22826.


_______________________________________________
nix-commits mailing list
nix-comm...@lists.science.uu.nl
http://lists.science.uu.nl/mailman/listinfo/nix-commits
