[Desktop-packages] [Bug 1194410] Re: Apply upstream patch to close XXE vulnerability in precise

Fri, 12 Jul 2013 13:12:28 -0700 

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-0339

** Also affects: libxml2 (Ubuntu Lucid)
   Importance: Undecided
       Status: New

** Also affects: libxml2 (Ubuntu Precise)
   Importance: Undecided
       Status: New

** Also affects: libxml2 (Ubuntu Saucy)
   Importance: Undecided
       Status: New

** Also affects: libxml2 (Ubuntu Quantal)
   Importance: Undecided
       Status: New

** Also affects: libxml2 (Ubuntu Raring)
   Importance: Undecided
       Status: New

** Changed in: libxml2 (Ubuntu Lucid)
       Status: New => Confirmed

** Changed in: libxml2 (Ubuntu Lucid)
   Importance: Undecided => Medium

** Changed in: libxml2 (Ubuntu Precise)
       Status: New => Confirmed

** Changed in: libxml2 (Ubuntu Precise)
   Importance: Undecided => Medium

** Changed in: libxml2 (Ubuntu Quantal)
       Status: New => Confirmed

** Changed in: libxml2 (Ubuntu Quantal)
   Importance: Undecided => Medium

** Changed in: libxml2 (Ubuntu Raring)
       Status: New => Fix Released

** Changed in: libxml2 (Ubuntu Saucy)
       Status: New => Fix Committed

** Changed in: libxml2 (Ubuntu Saucy)
       Status: Fix Committed => Fix Released

** Changed in: libxml2 (Ubuntu Lucid)
       Status: Confirmed => In Progress

** Changed in: libxml2 (Ubuntu Precise)
       Status: Confirmed => In Progress

** Changed in: libxml2 (Ubuntu Quantal)
       Status: Confirmed => In Progress

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to libxml2 in Ubuntu.
https://bugs.launchpad.net/bugs/1194410

Title:
  Apply upstream patch to close XXE vulnerability in precise

Status in “libxml2” package in Ubuntu:
  Fix Released
Status in “libxml2” source package in Lucid:
  In Progress
Status in “libxml2” source package in Precise:
  In Progress
Status in “libxml2” source package in Quantal:
  In Progress
Status in “libxml2” source package in Raring:
  Fix Released
Status in “libxml2” source package in Saucy:
  Fix Released

Bug description:
  In version 2.7.8 there is no way to avoid opening and reading a file
  if it is specified in the ENTITY section of the document.

  The issue has been raised in:
    https://mail.gnome.org/archives/xml/2012-October/msg00002.html
    https://github.com/sparklemotion/nokogiri/issues/693

  An upstream fix has been released:
    
https://git.gnome.org/browse/libxml2/commit/?id=4629ee02ac649c27f9c0cf98ba017c6b5526070f

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libxml2/+bug/1194410/+subscriptions

-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to     : [email protected]
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to