From 772851ff46be1c16c417766671a0e701668d8195 Mon Sep 17 00:00:00 2001
From: Graham Christensen
Date: Wed, 25 May 2016 09:37:57 -0500
Subject: [PATCH] libxml2: 2.9.3 -> 2.9.4 for three CVEs (close #15697)
- CVE-2016-4447: libxml2: Heap-based buffer underreads due to xmlParseName https://bugzilla.redhat.com/show_bug.cgi?id=1338686
- CVE-2016-4448 libxml2: Format string vulnerability https://bugzilla.redhat.com/show_bug.cgi?id=1338700
- CVE-2016-4449 libxml2: Inappropriate fetch of entities content https://bugzilla.redhat.com/show_bug.cgi?id=1338701 and many other fixed issues, available at http://www.xmlsoft.org/news.html
---
 pkgs/development/libraries/libxml2/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/pkgs/development/libraries/libxml2/default.nix b/pkgs/development/libraries/libxml2/default.nix
index 7229b10e01c4..b6f769078ad4 100644
--- a/pkgs/development/libraries/libxml2/default.nix
+++ b/pkgs/development/libraries/libxml2/default.nix
@@ -3,11 +3,11 @@
 stdenv.mkDerivation rec {
 name = "libxml2-${version}";
- version = "2.9.3";
+ version = "2.9.4";
 src = fetchurl {
 url = "http://xmlsoft.org/sources/${name}.tar.gz";
- sha256 = "0bd17g6znn2r98gzpjppsqjg33iraky4px923j3k8kdl8qgy7sad";
+ sha256 = "0g336cr0bw6dax1q48bblphmchgihx9p1pjmxdnrd6sh3qci3fgz";
 };
 outputs = [ "dev" "out" "bin" "doc" ]