Package: libxml2
Version: 2.9.1+dfsg1-3
Severity: grave
Tags: security

Hi,
from oss-security. This was assigned CVE-2014-0191

| It was discovered that libxml2, a library providing support to read,
| modify and write XML files, incorrectly performs entity substitution in
| the doctype prolog, even if the application using libxml2 disabled any
| entity substitution. A remote attacker could provide a
| specially-crafted XML file that, when processed, would lead to the
| exhaustion of CPU and memory resources or file descriptors.
|
| This issue was discovered by Daniel Berrange of Red Hat.

Fix:
https://git.gnome.org/browse/libxml2/commit/?id=9cd1c3cfbd32655d60572c0a413e017260c854df

Cheers,
Moritz
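Added example, not part of the original report and not libxml2 code: because the flaw sits in doctype prolog handling and is reached even with entity substitution disabled, an application that never needs DTDs can refuse any input carrying a DOCTYPE before handing it to libxml2. The sketch below does that with Python's standard-library expat binding; the function name, exception names and sample documents are constructed for illustration, and it assumes the gate runs on the same bytes that are later parsed.

```python
import xml.parsers.expat as expat


class DoctypeForbidden(ValueError):
    """The input carries a DOCTYPE declaration."""


class _RootReached(Exception):
    """Internal signal: the root element started, so the prolog is over."""


def check_no_doctype(data: bytes) -> None:
    """Return if the prolog of `data` has no DOCTYPE; raise ValueError otherwise.

    Fails closed: input that is not well-formed up to its root element is
    rejected as well.
    """
    parser = expat.ParserCreate()

    def on_doctype(name, system_id, public_id, has_internal_subset):
        # Reject as soon as the DOCTYPE is reported by the scanner.
        raise DoctypeForbidden(f"DOCTYPE {name!r} is not accepted")

    def on_root(name, attrs):
        # A DOCTYPE may only appear before the root element: stop scanning.
        raise _RootReached

    parser.StartDoctypeDeclHandler = on_doctype
    parser.StartElementHandler = on_root
    try:
        parser.Parse(data, True)
    except _RootReached:
        return
    except expat.ExpatError as exc:
        raise ValueError(f"not well-formed before root element: {exc}") from exc
    raise ValueError("no root element found")


# Constructed sample inputs (not taken from the report).
PLAIN = b'<?xml version="1.0"?><!-- note --><config><item>1</item></config>'
WITH_DTD = b'<?xml version="1.0"?><!DOCTYPE config [<!ENTITY e "x">]><config>&e;</config>'

if __name__ == "__main__":
    for label, doc in (("plain", PLAIN), ("with DTD", WITH_DTD)):
        try:
            check_no_doctype(doc)
            print(label, "-> accepted")
        except ValueError as exc:
            print(label, "-> rejected:", exc)
```

This gate only reduces exposure for DTD-free inputs; the commit linked in the report is the actual fix.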

