On 11/12/2020 18:40, Bill Blough wrote:
This patch has been applied in 3.2.3+debian-2 which has been uploaded to
unstable.
I'll leave this bug open in hopes of an eventual upstream fix.
Great!
On 10/12/2020 09:44, Sébastien Delafond wrote:
> thanks for the debdiff, it looks good and the trade-off makes sense. You
> can upload to security-master and I'll take care of the DSA soon.
I did more tests during the past few hours (checking that
XERCES_DISABLE_DTD does address the memory leak and using a couple
reverse dependencies) and just uploaded the buster update to security
master.
(and I'm preparing another update for LTS.)
Cheers!
Sylvain
