*** This bug is a security vulnerability *** You have been subscribed to a public security bug by Seth Arnold (seth-arnold):
In version 2.7.8 there is no way to avoid opening and reading a file if it is specified in the ENTITY section of the document. The issue has been raised in: https://mail.gnome.org/archives/xml/2012-October/msg00002.html https://github.com/sparklemotion/nokogiri/issues/693 An upstream fix has been released: https://git.gnome.org/browse/libxml2/commit/?id=4629ee02ac649c27f9c0cf98ba017c6b5526070f ** Affects: libxml2 (Ubuntu) Importance: Undecided Status: New -- Apply upstream patch to close XXE vulnerability in precise https://bugs.launchpad.net/bugs/1194410 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
