On Wed, Jun 08, 2016 at 07:50:25AM -0400, Leo Famulari wrote: > On Wed, Jun 08, 2016 at 01:10:16PM +0300, Efraim Flashner wrote: > > On Tue, Jun 07, 2016 at 08:54:05PM -0400, Leo Famulari wrote: > > > Leo Famulari (3): > > > gnu: expat: Fix CVE-2016-0718. > > > gnu: Remove unused patch. > > > gnu: libxslt: Update to 1.1.29. > > > > FWIW debian's expat-2.1.1(-3) still has the cve-2015-1283 applied. Also, > > there's 2 new cves, cve-2012-6702 and cve-2016-5300 > > https://www.debian.org/security/2016/dsa-3597 > > https://sources.debian.net/src/expat/2.1.1-3/debian/patches/ > > Thanks for the review! > > Okay, later today I'll revise this patchset, and also try patching the > master branch's expat against the newly disclosed bugs.
As always, if somebody wants to handle patching expat on the master branch sooner than I can, I won't mind :)
