On 23 January 2018 at 15:59, <mcatanzaro(a)gnome.org> wrote:
[..]
That said... has the patch been proposed for inclusion upstream? It
looks
like Nick Wellnhofer is taking care of libxml2 upstream these days, so it
shouldn't need to wait for Daniel. I see you only included a link to a
Chromium bug report with the patch; IMO that's not good enough, because we
don't know if Chromium has reported the issue upstream or not. The libxml2
issue tracker is at
https://bugzilla.gnome.org/enter_bug.cgi?product=libxml2.
Everything at the moment is only in the ticket:
https://bugzilla.redhat.com/show_bug.cgi?id=1529121
As I have gnome bugzilla account as well will ASAP try create necessary ticket.
CVE patch is in partial pull request patch and can be cherry picket
using git (and resolve patch conflict by delete all libxml2.spec
changes)
https://src.fedoraproject.org/fork/kloczek/rpms/libxml2/c/eb936f5b802a454...
Or even c&p or download from:
https://src.fedoraproject.org/fork/kloczek/rpms/libxml2/raw/eb936f5b802a4...
and added manually to existing latest libxml2.spec.
kloczek
--
Tomasz Kłoczko | LinkedIn:
http://lnkd.in/FXPWxH