[xml/sgml-pkgs] Bug#993638: Bug#993638: libxml2: XHTML 1.0 validation is broken
Vincent Lefevre
vincent at vinc17.net
Tue Sep 21 02:18:32 BST 2021
On 2021-09-20 17:50:56 +0200, Thorsten Glaser wrote:
> > > But if this upstream change affects DTDs that were once released, maybe
> > > it should accept, but ignore, this specific wrong redeclaration.
> >
> > Perhaps. This should probably be first talked with upstream.
>
> So indeed. Can one of you bring this to them? (My contributions to
> libxml2 don’t appear to be liked, even if multiple CVEs could have
> been avoided by applying them.)

Done here: https://gitlab.gnome.org/GNOME/libxml2/-/issues/307

I've also reported
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=994795
against w3-dtd-mathml, which has a similar issue (also invalid
redeclarations of the amp and lt entities, though these
redeclarations are different from the w3c-dtd-xhtml ones).

BTW, this doesn't affect only validation, but also entity resolution,
e.g. when using "xmllint --noent", which makes the issue even worse.

--
Vincent Lefèvre <vincent at vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)