** Information type changed from Private Security to Public Security
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to libxml2 in Ubuntu.
https://bugs.launchpad.net/bugs/1194410
Title:
Apply upstream patch to close XXE vulnerability in precise
Status in “libxml2” package in Ubuntu:
New
Bug description:
In version 2.7.8 there is no way to avoid opening and reading a file
if it is specified in the ENTITY section of the document.
The issue has been raised in:
https://mail.gnome.org/archives/xml/2012-October/msg00002.html
https://github.com/sparklemotion/nokogiri/issues/693
An upstream fix has been released:
https://git.gnome.org/browse/libxml2/commit/?id=4629ee02ac649c27f9c0cf98ba017c6b5526070f
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libxml2/+bug/1194410/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
