Date: Tue, 7 Feb 2017 09:57:39 +0000 (UTC) From: Sébastien Delafond <seb@...ian.org> To: oss-security@...ts.openwall.com Subject: CVE request: XXE in Openpyxl Hello, the Debian Security Team would like to request a CVE for an XML XEE discovered in Openpyxl by Marcin Ulikowski from F-Secure; Openpyxl resolves external entities by default: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=854442 https://bitbucket.org/openpyxl/openpyxl/commits/3b4905f428e1 Cheers, --Seb
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.