Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 5 Jul 2013 15:17:41 +0200
From: Marcus Meissner <meissner@...e.de>
To: oss-security@...ts.openwall.com
Subject: Re: CVE Request: libxml2 external parsed entities
	issue

On Fri, Jul 05, 2013 at 08:48:04AM -0400, Marc Deslauriers wrote:
> Hello,
> 
> libxml2 earlier than 2.9.0 fetches external parsed entities by default, with no
> way to disable the behaviour.
> 
> Fixed by the following commit:
> 
> https://git.gnome.org/browse/libxml2/commit/?id=4629ee02ac649c27f9c0cf98ba017c6b5526070f
> 
> More Information:
> https://mail.gnome.org/archives/xml/2012-October/msg00045.html
> https://github.com/sparklemotion/nokogiri/issues/693
> https://bugs.launchpad.net/ubuntu/+source/libxml2/+bug/1194410
> 
> 
> Could a CVE please be assigned to this issue?

Sounds like http://seclists.org/oss-sec/2013/q1/391  
and
"Please use CVE-2013-0339 for libxml2 external entities expansion"

?

Ciao, Marus

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.