[Bug 1509817] Re: Please backport PHP fix #64938 (fixed in 5.5.22) on 14.04

2015-10-30 Thread Robie Basak
** Description changed:

libxml's libxml_disable_entity_loader was not threadsafe on php-fpm prior to 5.5.22 and 5.6.6. This allowed attackers to perform an XXE attack even though the entity loader was disabled in your code. Zend came up with a separate library for this: https://github

[Bug 1509817] Re: Please backport PHP fix #64938 (fixed in 5.5.22) on 14.04

2015-10-29 Thread Marc Deslauriers
** Information type changed from Private Security to Public Security

** Changed in: php5 (Ubuntu)
Status: New => Confirmed

--
You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in Ubuntu.
https://bugs.launchpad.net/bugs/1509817