Hi

Whilst cherry picking the commit we can verify the testcase attached in the commit is correctly detected, a minimalized variant of it would not work, the minimalized variant I mean of

,---- [ 759579.xml ]
| <!DOCTYPE doc [
| <!ENTITY % z '
| %z; %z; %z; %z; %z;
| %z; %z; %z; %z; %z;
| %z; %z; %z; %z; %z;
| %z; %z; %z; %z; %z;
| %z; %z; %z; %z; %z;
| '>
| %z;
| ]>
| <doc/>
`----

is

,---- [ minimized-759579.xml ]
| <!DOCTYPE doc [
| <!ENTITY % z ' %z;'>
| %z;
| ]>
| <doc/>
`----

I have verified that the issue is addressed with libxml2 git checked out at 899a5d9f0ed13b8e32449a08a361e0de127dd961 so guess the best action is to update to 2.9.7. If we want to fix it in isolation we might need some other prerequisite between upstream v2.9.4 to 899a5d9f0ed13b8e32449a08a361e0de127dd961 (v2.9.5-rc1).

Marked the issue as no-dsa for jessie and stretch, let us know if you disagree.

Regards,
Salvatore
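Added example, not part of the original message and not libxml2 code: a static pre-parse check that flags parameter entities whose declared value refers back to the entity itself, directly or through other entities, and that reports both test cases quoted above. It uses a regex over quoted entity values rather than a real DTD parser; the function names and the BENIGN and INDIRECT samples are assumptions made for the example.

```python
import re

# Parameter-entity declaration with a quoted literal value (simplified DTD grammar).
PE_DECL = re.compile(r"""<!ENTITY\s+%\s+([\w.:-]+)\s+(?:'([^']*)'|"([^"]*)")\s*>""")
PE_REF = re.compile(r"%([\w.:-]+);")

# Constructed inputs: the two test cases from the message, plus two hypothetical ones.
ORIGINAL = ("<!DOCTYPE doc [\n<!ENTITY % z '\n"
            + ("%z; " * 5 + "\n") * 5 + "'>\n%z;\n]>\n<doc/>\n")
MINIMIZED = "<!DOCTYPE doc [\n<!ENTITY % z ' %z;'>\n%z;\n]>\n<doc/>\n"
BENIGN = "<!DOCTYPE doc [\n<!ENTITY % a 'x'>\n<!ENTITY % b '%a;'>\n%b;\n]>\n<doc/>\n"
INDIRECT = "<!DOCTYPE doc [\n<!ENTITY % a '%b;'>\n<!ENTITY % b \"%a;\">\n%a;\n]>\n<doc/>\n"


def pe_graph(xml_text):
    """Map each parameter entity name to the set of PE names its value references."""
    graph = {}
    for m in PE_DECL.finditer(xml_text):
        value = m.group(2) if m.group(2) is not None else m.group(3)
        # XML binds the first declaration of a name; later ones are ignored.
        graph.setdefault(m.group(1), set(PE_REF.findall(value)))
    return graph


def recursive_entities(xml_text):
    """Return the sorted names of parameter entities that can reach themselves."""
    graph = pe_graph(xml_text)
    found = set()
    for start in graph:
        stack, seen = list(graph[start]), set()
        while stack:
            node = stack.pop()
            if node == start:
                found.add(start)
                break
            if node not in seen:
                seen.add(node)
                stack.extend(graph.get(node, ()))
    return sorted(found)


if __name__ == "__main__":
    for label, doc in [("759579.xml", ORIGINAL), ("minimized-759579.xml", MINIMIZED),
                       ("benign", BENIGN), ("indirect", INDIRECT)]:
        print(label, recursive_entities(doc))
```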