[Secure-testing-team] Bug#783443: libxml-libxml-perl: XEE vulnerability; expand_entities set to 0 is not preserved after a _clone() call
Salvatore Bonaccorso
carnil at debian.org
Mon Apr 27 04:52:46 UTC 2015
Source: libxml-libxml-perl
Version: 2.0116+dfsg-1
Severity: important
Tags: security upstream fixed-upstream
Hi
See http://www.openwall.com/lists/oss-security/2015/04/25/2 and
https://bitbucket.org/shlomif/perl-xml-libxml/commits/5962fd067580767777e94640b129ae8930a68a30/raw/
After a _clone() call unset options are not preserved, e.g.
expand_entities and external entities are processed.
Regards,
Salvatore
More information about the Secure-testing-team
mailing list