The existing CVE-2023-39615 against XML2 function xmlSAX2StartElement() looks like it is not going to be fixed because code maintainers claim that this is not a security issue. The vulnerable function is used in a few places if SAX1 is enabled (example: xmlSAXVersion()). After building xml2 without SAX1 and using it in xmlsec, there are failures for a couple of functions that are deprecated and need to be fixed with more up-to-date alternatives. The functions are xmlParseFile() and xmlParseMemory(). The alternatives are xmlReadFile() and xmlReadMemory() respectively.
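A source-tree check for the two SAX1-only calls named above, as an added example that is not part of the original report or of xmlsec. The function names `make_sample` and `audit_sax1_calls` are hypothetical and the sample C file is constructed; the replacement argument lists are those of libxml2's xmlReadFile() and xmlReadMemory().

```shell
#!/bin/sh
# Added example (not from the original report). Names are hypothetical.

# make_sample: writes a constructed C file into a temp dir, prints the dir.
make_sample() {
    d=$(mktemp -d)
    cat > "$d/app.c" <<'EOF'
#include <libxml/parser.h>
xmlDocPtr load(const char *p) { return xmlParseFile(p); }
xmlDocPtr parse(const char *b, int n) { return xmlParseMemory(b, n); }
xmlDocPtr ok(const char *p) { return xmlReadFile(p, NULL, 0); }
int xmlParseFileCount(void);
EOF
    echo "$d"
}

# audit_sax1_calls DIR: prints "file:line: old() -> replacement" for each
# call site; returns 1 if any was found (usable as a CI gate), else 0.
audit_sax1_calls() {
    dir=$1
    # The leading group and the trailing '(' keep longer identifiers from matching.
    re='(^|[^A-Za-z0-9_])(xmlParseFile|xmlParseMemory)[[:space:]]*\('
    hits=$(find "$dir" -type f \( -name '*.c' -o -name '*.h' \) \
        -exec grep -EnH "$re" {} + 2>/dev/null || true)
    [ -z "$hits" ] && return 0
    printf '%s\n' "$hits" | while IFS= read -r line; do
        file=${line%%:*}; rest=${line#*:}; loc="$file:${rest%%:*}"
        case $line in
            *xmlParseMemory*)
                echo "$loc: xmlParseMemory() -> xmlReadMemory(buffer, size, URL, encoding, options)" ;;
            *)
                echo "$loc: xmlParseFile() -> xmlReadFile(filename, encoding, options)" ;;
        esac
    done
    return 1
}

# Demo on the constructed sample.
sample=$(make_sample)
audit_sax1_calls "$sample" || echo "SAX1-only parser calls found"
rm -rf "$sample"
```

Unlike the deprecated calls, xmlReadFile() and xmlReadMemory() take an explicit parser `options` argument, so each migrated call site has to choose its options deliberately.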