Alex Vong writes: > Marius Bakke writes: > >> Alex Vong writes: >> >>> Severity: important >>> Tags: patch security >>> >>> Hi, >>> >>> This patch fixes CVEs of libxml2. The changes to 'runtest.c' in >>> 'libxml2-CVE-2017-9049+CVE-2017-9050.patch are removed since they >>> introduce test failure. The changes only enable new tests so it should >>> be fine to remove them. >> >> Thanks for this! I think we have to graft this fix since changing >> 'libxml2' would rebuild 2/3 of the tree. Can you try that? >> >> PS: Do you have a Savannah account? I'm sure Ludo or someone can add >> you given the steady rate of quality commits. > > Sure, here is the new patch: Pushed, thanks! I added tabs before the line breaks in gnu/local.mk, but otherwise untouched. Side note: I think we should start adding patches as origins instead of copying them wholesale, to try and keep the git repository slim.