On 23 January 2018 at 15:59, <mcatanzaro@xxxxxxxxx> wrote: [..] > That said... has the patch been proposed for inclusion upstream? It looks > like Nick Wellnhofer is taking care of libxml2 upstream these days, so it > shouldn't need to wait for Daniel. I see you only included a link to a > Chromium bug report with the patch; IMO that's not good enough, because we > don't know if Chromium has reported the issue upstream or not. The libxml2 > issue tracker is at > https://bugzilla.gnome.org/enter_bug.cgi?product=libxml2. Everything at the moment is only in the ticket: https://bugzilla.redhat.com/show_bug.cgi?id=1529121 As I have gnome bugzilla account as well will ASAP try create necessary ticket. CVE patch is in partial pull request patch and can be cherry picket using git (and resolve patch conflict by delete all libxml2.spec changes) https://src.fedoraproject.org/fork/kloczek/rpms/libxml2/c/eb936f5b802a45441abab45fa6f1707bd0575651 Or even c&p or download from: https://src.fedoraproject.org/fork/kloczek/rpms/libxml2/raw/eb936f5b802a45441abab45fa6f1707bd0575651 and added manually to existing latest libxml2.spec. kloczek -- Tomasz Kłoczko | LinkedIn: http://lnkd.in/FXPWxH _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
