On 23 January 2018 at 16:24, Tomasz Kłoczko <kloczko.tomasz@xxxxxxxxx> wrote: > On 23 January 2018 at 15:59, <mcatanzaro@xxxxxxxxx> wrote: > [..] >> That said... has the patch been proposed for inclusion upstream? It looks >> like Nick Wellnhofer is taking care of libxml2 upstream these days, so it >> shouldn't need to wait for Daniel. I see you only included a link to a >> Chromium bug report with the patch; IMO that's not good enough, because we >> don't know if Chromium has reported the issue upstream or not. The libxml2 >> issue tracker is at >> https://bugzilla.gnome.org/enter_bug.cgi?product=libxml2. > > Everything at the moment is only in the ticket: > https://bugzilla.redhat.com/show_bug.cgi?id=1529121 > As I have gnome bugzilla account as well will ASAP try create necessary ticket. Just found a bit more in RH bugzilla searching for "CVE-2016-9597" https://bugzilla.redhat.com/show_bug.cgi?id=1408305 and more is here: https://access.redhat.com/errata/RHSA-2016:2957 Looks like at the moment this bug is affecting at least jboss. Because this patch has been added to chrome source tree it is quite possible that it affects generally gnome desktop as well. Strange only is that looks like this bug already is known more than year! kloczek -- Tomasz Kłoczko | LinkedIn: http://lnkd.in/FXPWxH _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
