About the recently reported CVE-2016-3709
Hi dear libxml maintainers,
I noticed there is a new CVE-2016-3709 in NVD(see https://nvd.nist.gov/vuln/detail/CVE-2016-3709). But there is no fix patch in NVD. After some googling I found that there is a issue on bugzilla of SUSE, which mentioned that the commit c1ba6f5 is the fix.
The commit c1ba6f54 reverted 960f0e27, and it seems CVE-2016-3709 is caused by the commit 960f0e27. I just want a second confirm from you: is this commit c1ba6f54 the fix patch of CVE-2016-3709.
Thanks for your great work in libxml.