CVE-2017-10672 - Githubissues

shlomif / perl-XML-LibXML

The XML-LibXML CPAN Distribution for Processing XML using the libxml2 library

https://metacpan.org/release/XML-LibXML

Other

17 stars 35 forks source link

CVE-2017-10672 #14

Closed iynehz closed 6 years ago

iynehz commented 6 years ago

I see https://github.com/shlomif/perl-XML-LibXML/pull/9 got closed. I guess CVE-2017-10672 is still not fixed in latest version 2.0131 ?

shlomif commented 6 years ago

On Fri, 27 Oct 2017 07:59:28 +0000 (UTC) stphnlyd notifications@github.com wrote:

I see https://github.com/shlomif/perl-XML-LibXML/pull/9 got closed. I guess CVE-2017-10672 is still not fixed in latest version 2.0131 ?

it is not fixed there as far as I know. Someone should provide an adequate patch or pull-request.

--

Shlomi Fish http://www.shlomifish.org/ https://youtu.be/GoEn1YfYTBM - Tiffany Alvord - “Fall Together”

Barth's Distinction: There are two types of people: those who divide people into two types, and those who don't. — via fortune-mod.

Please reply to list if it's a mailing list post - http://shlom.in/reply .

carnil commented 6 years ago

@shlomif: I that fixed via the merged changed in https://github.com/shlomif/perl-XML-LibXML/pull/8?

shlomif commented 6 years ago

On Sun, 29 Oct 2017 05:49:01 -0700 carnil notifications@github.com wrote:

@shlomif: I that fixed via the merged changed in https://github.com/shlomif/perl-XML-LibXML/pull/8 ?

it is possibly fixed, but may require more thorough testing.

carnil commented 6 years ago

On Sun, Oct 29, 2017 at 01:39:22PM +0000, Shlomi Fish wrote:

On Sun, 29 Oct 2017 05:49:01 -0700 carnil notifications@github.com wrote:

@shlomif: I that fixed via the merged changed in https://github.com/shlomif/perl-XML-LibXML/pull/8 ?

it is possibly fixed, but may require more thorough testing.

Thanks for the quick reply.

As datapoint to check against the previous menitoned failures to build on various architectures, I have now uploaded to Debian experimental a version cherry-picking

729cb0f96a4c7c4d5c885f3d699fe587edb30cab..85dc8d5d4b905b323a46ef7e611d889b1c3375df

Results: https://buildd.debian.org/status/package.php?p=libxml-libxml-perl&suite=experimental

Regards, Salvatore

shlomif commented 6 years ago

@carnil : can I close this issue?

carnil commented 6 years ago

Hi!

On Fri, May 18, 2018 at 12:38:41PM -0700, Shlomi Fish wrote:

@carnil : can I close this issue?

Yes I guess so.

shlomif commented 6 years ago

Thanks , closing.