[xml/sgml-pkgs] Bug#765722: CVE-2014-3660 libxml2 billion laugh variant

Lucas Nussbaum lucas at debian.org
Sat Nov 8 10:52:27 UTC 2014


Hi,

I looked at this bug (kind-of randomly looking through RC bugs).
The current status is:
- fixed in unstable with a new upstream version
- that new upstream version was aged/2
- however, an RC bug (#766884) was found in that new upstream version
- in the upstream bug[1] for #766884, the upstream author says
  'it's not gonna be simple :-('

:-(

A good strategy is probably to see if the upstream bug gets fixed soon,
migrate the fixed new upstream if that's the case, and issue a targeted
fix for #765722 if that's not the case.

However, maybe the release team prefers a targeted fix anyway?
(I did not really understand if the fix for #765722 is related to the
introduction of #766884. But I believe they are independent.)

[1] https://bugzilla.gnome.org/show_bug.cgi?id=737840

Lucas
