Hi Thorsten, On Wed, Nov 16, 2016 at 03:12:39PM +0100, Thorsten Glaser wrote: > On Wed, 16 Nov 2016, Salvatore Bonaccorso wrote: > > > FWIW, from security-team side I was planning to work on those after > > 2.9.4+dfsg1-2.1 was now exposed enought in unstable first (unless > > OK, thank you. > > > I have it though not yet finalized. > > No worries.
The upstream solution for CVE-2016-9318 seems still to get finalized, and I do not want to rush things on this regard. So I went ahead and finalized the debdiff for #840553, #840554 only. If you want to give it a try, testpackages can be found at: https://people.debian.org/~carnil/tmp/libxml2/ I'm still doing tests, to see I do not introduce any regression with that upload. Regards, Salvatore
