Public bug reported:

The fix for CVE-2014-0191 changed the parser to not load external
entities unless in noent or validating mode. Unfortunately, this breaks
"xmllint --xinclude --postvalid" when (for example) validating docbook
files, and as a result this breaks the build for a number of distro
packages.

I stole this report from the Gentoo bug database, but it also applies to
Ubuntu. The related bug reports:

Gentoo:
https://bugs.gentoo.org/show_bug.cgi?id=510508
  - libxml2-2.9.1-r3 fails
  - libxml2-2.9.1-r4 works

Upstream, includes patch:
https://bugzilla.gnome.org/show_bug.cgi?id=730290

Ubuntu package:
  - 2.9.1+dfsg1-3ubuntu4 works
  - 2.9.1+dfsg1-3ubuntu4.1 fails

Temporary solution is to downgrade:
  - apt-get install libxml2-dev=2.9.1+dfsg1-3ubuntu4 libxml2=2.9.1+dfsg1-3ubuntu4

** Affects: libxml2 (Ubuntu)
     Importance: Undecided
         Status: New

https://bugs.launchpad.net/bugs/1322039

Title:
  xmllint --xinclude --postvalid broken by CVE-2014-0191 fix
