Date: Fri, 05 Jul 2013 08:48:04 -0400 From: Marc Deslauriers <marc.deslauriers@...onical.com> To: oss-security@...ts.openwall.com Subject: CVE Request: libxml2 external parsed entities issue Hello, libxml2 earlier than 2.9.0 fetches external parsed entities by default, with no way to disable the behaviour. Fixed by the following commit: https://git.gnome.org/browse/libxml2/commit/?id=4629ee02ac649c27f9c0cf98ba017c6b5526070f More Information: https://mail.gnome.org/archives/xml/2012-October/msg00045.html https://github.com/sparklemotion/nokogiri/issues/693 https://bugs.launchpad.net/ubuntu/+source/libxml2/+bug/1194410 Could a CVE please be assigned to this issue? Thanks, Marc. -- Marc Deslauriers Ubuntu Security Engineer | http://www.ubuntu.com/ Canonical Ltd. | http://www.canonical.com/
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.