Bug 7566 - Fix schema-validation-regression and CVE-2016-4658 in libxml 2.9.4
Status: VERIFIED FIXED
Product: Desktop Bugs
Classification: ROSA Desktop
Component: Main Packages
: Fresh
: All Linux
: Normal normal
: ---
Assigned To: ROSA Linux Bugs
: ROSA Linux Bugs
Reported: 2016-12-07 08:09 MSK by Andrey Bondrov
Modified: 2016-12-13 12:04 MSK

RPM Package: libxml2
vladimir.potapov: qa_verified+
andrey.bondrov: published+

Description Andrey Bondrov 2016-12-07 08:09:25 MSK
We need to fix attribute decoding during XML schema validation ( https://bugzilla.gnome.org/show_bug.cgi?id=766834 )

vctxt->parserCtxt is always NULL in xmlSchemaSAXHandleStartElementNs,
so this function can't call xmlStringLenDecodeEntities to decode the
entities. It breaks perl-XML-LibXML.

We also need to fix CVE-2016-4658.
Comment 1 Andrey Bondrov 2016-12-07 08:09:57 MSK
Advisory: "Fix schema-validation-regression and CVE-2016-4658 in libxml 2.9.4"

https://abf.rosalinux.ru/build_lists/2766191
https://abf.rosalinux.ru/build_lists/2766192
Comment 2 Vladimir Potapov 2016-12-07 12:19:50 MSK
The update is sent to expanded testing
***************************************
Comment 3 Vladimir Potapov 2016-12-12 19:41:11 MSK
libxml2-2.9.4-4
https://abf.rosalinux.ru/build_lists/2766191
https://abf.rosalinux.ru/build_lists/2766192
****************************** Advisory **************************
Fix schema-validation-regression and CVE-2016-4658 in libxml 2.9.4
******************************************************************
QA Verified