On Tue, Jan 23, 2018 at 9:07 AM, Tomasz Kłoczko
<kloczko.tomasz@xxxxxxxxx> wrote:
If it will be no new actions to the end of this week I'm going to
raise FESCo ticket to takeover at least libxml2.
Yes, libxml2 is security-critical; we can't wait this long to apply
security patches. The Fedora package maintainer needs to be able to
respond in a timely manner. Thanks for working on this, Tomasz.
That said... has the patch been proposed for inclusion upstream? It
looks like Nick Wellnhofer is taking care of libxml2 upstream these
days, so it shouldn't need to wait for Daniel. I see you only included
a link to a Chromium bug report with the patch; IMO that's not good
enough, because we don't know if Chromium has reported the issue
upstream or not. The libxml2 issue tracker is at
https://bugzilla.gnome.org/enter_bug.cgi?product=libxml2.
Michael
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
