openSUSE has issued an advisory on October 21:
The issues are fixed upstream in 2.10.3.
Mageia 8 is also affected.
Fixed upstream in 2.10.3Whiteboard:
Fedora has issued an advisory for this today (October 25):
Various packagers deal with this SRPM, so assigning globally.
SUSE has issued an advisory for this on October 25:
We may be missing the fix for CVE-2016-3709 in Mageia 8.
Debian-LTS has issued an advisory for this on October 30:
(In reply to David Walser from comment #3)
> SUSE has issued an advisory for this on October 25:
> We may be missing the fix for CVE-2016-3709 in Mageia 8.
I found that CVE-2016-3709 was fixed in bug 30712.
The updated packages fix security vulnerabilities:
Integer overflows with XML_PARSE_HUGE. (CVE-2022-40303)
Dict corruption caused by entity reference cycles. (CVE-2022-40304)
Updated packages in core/updates_testing:
Fixed upstream in 2.10.3 =>
MGA8-64 MATE on Acer Aspire 5253
No installation issues.
Followed the wiki, but the last line of the py script throws an error now. I will upload the files as I used them here.
$ python testxml.py
$ python3 testxml.py
$ xmllint --auto
$ xmlcatalog --create
<!DOCTYPE catalog PUBLIC "-//OASIS//DTD Entity Resolution XML Catalog V1.0//EN" "http://www.oasis-open.org/committees/entity/release/1.0/catalog.dtd">
This all looks OK. Took Len's suggestion and used chromium to browse around in the libxml2 tutorial, worked perfectly OK.
Created attachment 13474 [details]
py script to run
Created attachment 13475 [details]
testdata for py script
Validating. Advisory in Comment 6.
An update for this issue has been pushed to the Mageia Updates repository.
Created attachment 14078 [details]
Correct testdata for py script
Original testdata file was actually a second copy of the py script.
Attachment 13475 is obsolete: