Bug#882613: libxml2: CVE-2017-16932: Infinite recursion in parameter entities

2017-11-26 Thread Salvatore Bonaccorso
Hi

Whilst cherry picking the commit we can verify the testcase attached in the commit is correctly detected, a minimalized variant of it would not work, the minimalized variant I mean of , [ 759579.xml ] | | %z; | ]> | ` is , [ minimized-759579.xml ] | | %z; | ]> | `---

Bug#882613: libxml2: CVE-2017-16932: Infinite recursion in parameter entities

2017-11-24 Thread Salvatore Bonaccorso
Source: libxml2
Version: 2.9.4+dfsg1-5.1
Severity: important
Tags: patch security upstream
Forwarded: https://bugzilla.gnome.org/show_bug.cgi?id=759579

Hi,

the following vulnerability was published for libxml2.

CVE-2017-16932[0]:
| parser.c in libxml2 before 2.9.5 does not prevent infinite recur