Source: libxml2 Version: 2.9.4+dfsg1-2.1 Severity: important Tags: security upstream Forwarded: https://bugzilla.gnome.org/show_bug.cgi?id=772726
Hi, the following vulnerability was published for libxml2. CVE-2016-9318[0]: | libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and | other products, does not offer a flag directly indicating that the | current document may be read but other files may not be opened, which | makes it easier for remote attackers to conduct XML External Entity | (XXE) attacks via a crafted document. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2016-9318 [1] https://bugzilla.gnome.org/show_bug.cgi?id=772726 Please adjust the affected versions in the BTS as needed. Regards, Salvatore