From mboxrd@z Thu Jan 1 00:00:00 1970 From: Leo Famulari Subject: Re: [PATCH 0/3] Expat and libxslt changes for core-updates Date: Thu, 9 Jun 2016 12:43:17 -0400 Message-ID: <20160609164317.GA5540@jasmine> References: <20160608101016.GA20565@debian-netbook> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:49258) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bB33P-0002dp-Ri for guix-devel@gnu.org; Thu, 09 Jun 2016 12:43:36 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1bB33K-0000q9-QJ for guix-devel@gnu.org; Thu, 09 Jun 2016 12:43:35 -0400 Received: from out2-smtp.messagingengine.com ([66.111.4.26]:59084) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bB33I-0000oq-HD for guix-devel@gnu.org; Thu, 09 Jun 2016 12:43:30 -0400 Content-Disposition: inline In-Reply-To: <20160608101016.GA20565@debian-netbook> List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: "Guix-devel" To: Efraim Flashner Cc: guix-devel@gnu.org On Wed, Jun 08, 2016 at 01:10:16PM +0300, Efraim Flashner wrote: > FWIW debian's expat-2.1.1(-3) still has the cve-2015-1283 applied. I looked at the expat Git repo and the original fix for CVE-2015-1283 was part of 2.1.1. The improvement to the fix must be backported. I will take the upstream commit that applies the improvement.