Date: Thu, 14 Aug 2014 17:32:41 +1000
From: Murray McAllister <>
Subject: GetID3 CVE-2014-2053 XXE issue [was Re: WordPress
 3.9.2 release - needs CVE's]

>> - Prevents information disclosure via XML entity attacks in the
>> external GetID3 library, reported by Ivan Novikov of ONSec.
> This is an XXE in GetID3, Upstream
> CVE-2014-2053.
> Affected WordPress versions 3.6 - 3.9.1 (except 3.7.4 / 3.8.4)

Thanks Andrew!

For the separate package of GetID3, I think this is the fix:

Making a separate mail in case anyone else missed CVE-2014-2053.


Murray McAllister / Red Hat Product Security
