Hi Stefan,
Would it be possible to get z3c.recipe.staticlxml to apply the patch for CVE-2011-3919? Version 2.7.8 and earlier of libxml2 are vulnerable, and I'm not sure when we may get a newer version with the fix. We use z3c.recipe.staticlxml in the Plone Unified Installer.
A couple of information sources on the vulnerability:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3919
http://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3919.html
and, the patch, from Daniel Veillard:
http://git.gnome.org/browse/libxml2/commit/?id=5bd3c061823a8499b27422aee04ea20aae24f03e
Thanks,
Steve McMahon