Add libxml 2.9.4 for CVE-2017-5969

author: Nguyễn Gia Phong <cnx@loang.net> 2025-01-30 07:36:51 +0900
committer: Nguyễn Gia Phong <cnx@loang.net> 2025-01-30 07:36:51 +0900
commit: 4967394b05bd0ce7a5f43cc138fbb885d54005ee (patch)
tree: c7e769bc530a1780e36144b16a50217ffbe473f4 /README.md
parent: 6bd7cd50ca651dfef957e6c19862e54cdf8c0892 (diff)
download: loftix-4967394b05bd0ce7a5f43cc138fbb885d54005ee.tar.gz
1 files changed, 8 insertions, 0 deletions
diff --git a/README.md b/README.md
index 1e56790..f96e02e 100644
--- a/README.md
+++ b/README.md
@@ -51,6 +51,13 @@ Then run `guix pull`.
 
     guix shell jasper@1.900.19 -- imginfo -f bugs/cve-2016-9557/reproducer
 
+### CVE-2017-5969
+
+[libxml2: null pointer derefence][oss-sec-20161105-3]
+
+    guix shell libxml2@2.9.4 --\
+      xmllint --recover bugs/cve-2017-5969/reproducer.xml
+
 ### CVE-2017-14745
 
 [binutils: integer overflow][sourceware-22148]
@@ -82,6 +89,7 @@ Then run `guix pull`.
 [python-pacfix]: https://github.com/hsh814/pacfix-python
 [redhat-955808]: https://bugzilla.redhat.com/show_bug.cgi?id=955808
 [jasper-d42b238]: https://blogs.gentoo.org/ago/2016/11/19/jasper-signed-integer-overflow-in-jas_image-c
+[oss-sec-20161105-3]: https://www.openwall.com/lists/oss-security/2016/11/05/3
 [sourceware-22148]: https://sourceware.org/bugzilla/show_bug.cgi?id=22148
 [sourceware-22186]: https://sourceware.org/bugzilla/show_bug.cgi?id=22186
 [mozjpeg-268]: https://github.com/mozilla/mozjpeg/issues/268
author	Nguyễn Gia Phong <cnx@loang.net>	2025-01-30 07:36:51 +0900
committer	Nguyễn Gia Phong <cnx@loang.net>	2025-01-30 07:36:51 +0900
commit	4967394b05bd0ce7a5f43cc138fbb885d54005ee (patch)
tree	c7e769bc530a1780e36144b16a50217ffbe473f4 /README.md
parent	6bd7cd50ca651dfef957e6c19862e54cdf8c0892 (diff)
download	loftix-4967394b05bd0ce7a5f43cc138fbb885d54005ee.tar.gz