Apply upstream patch to close XXE vulnerability in precise
Bug #1194410 reported by Georgios Chinis
This bug affects 3 people
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
libxml2 (Ubuntu) | Fix Released | Undecided | Unassigned |
Lucid | Fix Released | Medium | Unassigned |
Precise | Fix Released | Medium | Unassigned |
Quantal | Fix Released | Medium | Unassigned |
Raring | Fix Released | Undecided | Unassigned |
Saucy | Fix Released | Undecided | Unassigned |
Bug Description
In version 2.7.8 there is no way to avoid opening and reading a file if it is specified in the ENTITY section of the document.
The issue has been raised in:
https:/
https:/
An upstream fix has been released:
https:/
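As an added illustration (not code from this bug report or from libxml2): where the parser itself cannot be told to leave external entities alone, one stopgap is to reject documents that declare them before they reach it. The sketch below does this with Python's standard expat binding, which is a different parser from libxml2; the function names and the sample documents are constructed for the example.

```python
import xml.parsers.expat


class _PrologDone(Exception):
    """Raised at the root element: every declaration has been seen by then."""


def external_declarations(xml_bytes):
    """Return (name, system_id, public_id) for each external entity or DTD declared."""
    found = []
    parser = xml.parsers.expat.ParserCreate()

    def on_doctype(name, system_id, public_id, has_internal_subset):
        if system_id is not None or public_id is not None:
            found.append(("DOCTYPE " + name, system_id, public_id))

    def on_entity(name, is_parameter, value, base, system_id, public_id, notation):
        if value is None:  # expat reports value=None only for external entities
            found.append((("%" if is_parameter else "") + name, system_id, public_id))

    def on_root(name, attrs):
        raise _PrologDone  # stop before content, so no entity is ever expanded

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity
    parser.StartElementHandler = on_root
    try:
        parser.Parse(xml_bytes, True)
    except _PrologDone:
        pass
    return found


def safe_to_parse(xml_bytes):
    """True only for well-formed prologs that declare nothing external."""
    try:
        return not external_declarations(xml_bytes)
    except xml.parsers.expat.ExpatError:
        return False  # reject what the pre-filter cannot read


# Constructed sample documents.
EXTERNAL = b'<!DOCTYPE r [<!ENTITY xxe SYSTEM "file:///constructed/example.txt">]><r>&xxe;</r>'
PARAMETER = b'<!DOCTYPE r [<!ENTITY % p SYSTEM "http://constructed.invalid/x.dtd"> %p;]><r/>'
INTERNAL = b'<!DOCTYPE r [<!ENTITY a "text">]><r>&a;</r>'

if __name__ == "__main__":
    for doc in (EXTERNAL, PARAMETER, INTERNAL):
        print(safe_to_parse(doc), external_declarations(doc))
```

Because the filter and libxml2 are separate parsers, this is a guard for unpatched hosts rather than a replacement for the fixed package.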
information type: Private Security → Public Security
Changed in libxml2 (Ubuntu Lucid):
status: New → Confirmed
importance: Undecided → Medium
Changed in libxml2 (Ubuntu Precise):
status: New → Confirmed
importance: Undecided → Medium
Changed in libxml2 (Ubuntu Quantal):
status: New → Confirmed
importance: Undecided → Medium
Changed in libxml2 (Ubuntu Raring):
status: New → Fix Released
Changed in libxml2 (Ubuntu Saucy):
status: New → Fix Committed
status: Fix Committed → Fix Released
Changed in libxml2 (Ubuntu Lucid):
status: Confirmed → In Progress
Changed in libxml2 (Ubuntu Precise):
status: Confirmed → In Progress
Changed in libxml2 (Ubuntu Quantal):
status: Confirmed → In Progress
I've requested a CVE for this issue, thanks.