Date: Wed, 8 Feb 2017 10:27:46 +1030
From: Doran Moppert <>
Subject: Re: CVE request: XXE in Openpyxl

On Feb 07 2017, Sébastien Delafond wrote:
> the Debian Security Team would like to request a CVE for an XML XEE
> discovered in Openpyxl by Marcin Ulikowski from F-Secure; Openpyxl
> resolves external entities by default:

This is yet another instance of CVE-2016-9318.  As already observed on
the Debian tracker, disabling entity resolution altogether is probably
going to make openpyxl fail on well-formed Excel documents using
standard entities such as &lt;.

Doran Moppert
Red Hat Product Security
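
The distinction raised in this message, as an added example that is not part of the original post or of openpyxl's code: the predefined entities (&lt;, &amp; and so on) are built into XML and need no DTD, so a parser can refuse any DOCTYPE, where custom and external entities are declared, and still read text that uses them. The sketch uses Python's standard-library expat bindings; `shared_strings`, `DTDForbidden` and both sample documents are constructed for illustration.

```python
import xml.parsers.expat


class DTDForbidden(ValueError):
    """The document carries a DOCTYPE, the only place entities can be declared."""


def shared_strings(xml_bytes):
    """Return the text of every <t> element, refusing any document with a DTD."""
    strings, current = [], None

    def start_doctype(name, sysid, pubid, has_internal_subset):
        # Reject before any entity declaration in the DTD is processed.
        raise DTDForbidden(f"DOCTYPE {name!r} is not allowed")

    def start(tag, attrs):
        nonlocal current
        if tag == "t":
            current = []

    def end(tag):
        nonlocal current
        if tag == "t" and current is not None:
            strings.append("".join(current))
            current = None

    def chars(data):
        # expat may deliver one text node in several chunks.
        if current is not None:
            current.append(data)

    parser = xml.parsers.expat.ParserCreate()
    parser.StartDoctypeDeclHandler = start_doctype
    parser.StartElementHandler = start
    parser.EndElementHandler = end
    parser.CharacterDataHandler = chars
    parser.Parse(xml_bytes, True)
    return strings


# Constructed sample in the shape of an xlsx sharedStrings part.
BENIGN = (b'<sst xmlns="http://schemas.openxmlformats.org/spreadsheetml/2006/main">'
          b'<si><t>a &lt; b &amp; c</t></si><si><t>ok</t></si></sst>')
# Constructed sample declaring an external entity; the path is a placeholder.
HOSTILE = (b'<?xml version="1.0"?><!DOCTYPE sst ['
           b'<!ENTITY xxe SYSTEM "file:///constructed/placeholder">]>'
           b'<sst><si><t>&xxe;</t></si></sst>')

if __name__ == "__main__":
    print(shared_strings(BENIGN))
```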
