Date: Tue, 06 May 2014 20:21:28 +0200 From: Nicolas Grégoire <nicolas.gregoire@...rri.fr> To: oss-security@...ts.openwall.com Subject: Re: CVE-2014-0191 libxml2: external parameter entity loaded when entity substitution is disabled Hello, > libxml2 [...] incorrectly performs entity substituton in the doctype > prolog, even if the application using libxml2 disabled any entity > substitution. I'm not sure that I understand this bug. Do you have a PoC? Regards, Nicolas Grégoire
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ