Marius Bakke <mbakke@fastmail.com> writes:

> Alex Vong <alexvong1995@gmail.com> writes:
>
>> Severity: important
>> Tags: patch security
>>
>> Hi,
>>
>> This patch fixes CVEs of libxml2. The changes to 'runtest.c' in
>> 'libxml2-CVE-2017-9049+CVE-2017-9050.patch are removed since they
>> introduce test failure. The changes only enable new tests so it should
>> be fine to remove them.
>
> Thanks for this!  I think we have to graft this fix since changing
> 'libxml2' would rebuild 2/3 of the tree.  Can you try that?
>
> PS: Do you have a Savannah account?  I'm sure Ludo or someone can add
> you given the steady rate of quality commits.

Sure, here is the new patch: