[xml/sgml-pkgs] Bug#774358: libxml2: CVE-2014-3660 patch makes installation-guide FTBFS

Cyril Brulebois kibi at debian.org
Fri Apr 3 21:34:06 UTC 2015


Hi people,

(adding debian-boot@ for reference.)

Samuel Thibault <sthibault at debian.org> (2015-03-26):
> Samuel Thibault, le Thu 26 Mar 2015 02:17:01 +0100, a écrit :
> > Control: found -1 2.8.0+dfsg1-7+wheezy3
> > 
> > This is still an issue in stable, the proposed patch was not applied
> > there, and thus installation-guide still FTBFS on wheezy, notably on our
> > dillon.debian.org machine, thus making http://d-i.debian.org/manual/
> > completely out of date. Could this be proposed for stable update?
> > 
> > I have attached the proposed patch again.
> 
> Just to insist: while the symptoms of my report (#774358) may look like
> #768089, the *actual* bug is *not* the same. Please read my bug report
> and the proposed patch again: the issue is that the security fix for
> CVE-2014-3660 from a newer version of libxml2 (2.9.x) was backported
> into the libxml2 of wheezy (2.8.x) without noticing the subtle source
> code difference which does matter a lot.

As one of the guys receiving a notification of the FTBFS every time
the crontab entry is triggered, and who would like to make sure the
installation guide is actually buildable *and* up-to-date, I really
would like to get a fix for this regression ASAP. It's been more than
3 months since this bug report about ***stable being broken*** has
been opened.

Thanks already.

Mraw,
KiBi.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/debian-xml-sgml-pkgs/attachments/20150403/d32545e7/attachment.sig>


More information about the debian-xml-sgml-pkgs mailing list