The best way to configure the parser (but this would need some functional testing) would imho be:
- without XML_PARSE_NOENT ("Substitute entities")
- without XML_PARSE_XINCLUDE ("Implement XInclude substitution")
- without XML_PARSE_DTDLOAD ("load the external subset")
- with XML_PARSE_NONET ("Forbid network access")
For your information, here's the patch that XML::Atom applied regarding CVE-2012-1102: http://anonscm.debian.org/gitweb/?p=pkg-perl/packages/libxml-atom-perl.git;a=commitdiff;h=4f68e738c6f298e2bda0bad456fc97a3122c0a17
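As an added example (not code from this bug report, from XML::Atom or from its Debian patch), the four settings above expressed with XML::LibXML, which is the Perl binding XML::Atom parses through. XML::LibXML's option names map one-to-one onto the libxml2 flags: `expand_entities` is XML_PARSE_NOENT, `expand_xinclude` is XML_PARSE_XINCLUDE, `load_ext_dtd` is XML_PARSE_DTDLOAD and `no_network` is XML_PARSE_NONET. The document fed to the parser is a constructed sample whose entity declaration points at a deliberately non-existent placeholder path; the `hardened_parser`, `permissive_parser` and `title_content` subroutines are this example's own names.

```perl
#!/usr/bin/perl
# Added example: a parser configured as recommended in the thread, beside
# the permissive configuration, checked on a constructed Atom-like entry.
use strict;
use warnings;
use XML::LibXML qw(:libxml);   # also exports the XML_*_NODE type constants

# Constructed sample: the internal subset declares an external entity whose
# system identifier is a placeholder that points nowhere.
my $sample = <<'XML';
<?xml version="1.0"?>
<!DOCTYPE entry [
  <!ENTITY ext SYSTEM "file:///nonexistent/placeholder.txt">
]>
<entry xmlns="http://www.w3.org/2005/Atom">
  <title>&ext;</title>
</entry>
XML

# The configuration recommended above. Each XML::LibXML option corresponds to
# one libxml2 flag: expand_entities -> XML_PARSE_NOENT, expand_xinclude ->
# XML_PARSE_XINCLUDE, load_ext_dtd -> XML_PARSE_DTDLOAD, no_network ->
# XML_PARSE_NONET.
sub hardened_parser {
    return XML::LibXML->new(
        expand_entities => 0,
        expand_xinclude => 0,
        load_ext_dtd    => 0,
        no_network      => 1,
    );
}

# The setting the CVE is about: entity substitution switched on.
sub permissive_parser {
    return XML::LibXML->new(expand_entities => 1);
}

# Parses the document and reports what ended up inside <title>:
#   'entity_ref'  - the reference survived as a node, unexpanded
#                   (what the hardened configuration is expected to give)
#   'text:<...>'  - entity content was substituted into the tree
#   'error:<...>' - the parse failed outright
sub title_content {
    my ($parser, $xml) = @_;
    my $doc = eval { $parser->parse_string($xml) };
    unless ($doc) {
        my $err = $@;
        chomp $err;
        return "error:$err";
    }

    my $xpc = XML::LibXML::XPathContext->new($doc);
    $xpc->registerNs('a', 'http://www.w3.org/2005/Atom');
    my ($title) = $xpc->findnodes('//a:title');
    my @kids = $title->childNodes;
    return 'entity_ref'
        if @kids == 1 && $kids[0]->nodeType == XML_ENTITY_REF_NODE;
    return 'text:' . $title->textContent;
}

printf "hardened:   %s\n", title_content(hardened_parser(),   $sample);
printf "permissive: %s\n", title_content(permissive_parser(), $sample);
```

Two caveats a reviewer of the functional testing mentioned above would want: XML_PARSE_NONET only refuses http:// and ftp:// system identifiers, so a file: identifier is not treated as network access by that flag, and whether libxml2 still opens such a resource when substitution is off has varied between libxml2 releases. For input that is not trusted, the usual belt-and-braces is to also install an external entity handler that refuses every request (XML::LibXML exposes this as the `ext_ent_handler` parser option), and to run the check above on the exact libxml2 version that ships with the deployment.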