[Secure-testing-team] Bug#842891: libimage-info-perl: XXE in SVG files
Salvatore Bonaccorso
carnil at debian.org
Wed Nov 2 05:55:00 UTC 2016
Source: libimage-info-perl
Version: 1.28-1
Severity: grave
Tags: security upstream fixed-upstream
Forwarded: https://rt.cpan.org/Public/Bug/Display.html?id=118099
Hi
[N.B.: Agreed, the severity might be set too high, but I think it
would be good to have the fix for stretch, thus the RC severity].
It was reported that Image::Info is susceptible to XXE in SVG files.
Cf.
https://rt.cpan.org/Public/Bug/Display.html?id=118099
https://bugzilla.redhat.com/show_bug.cgi?id=1379556
It was already fixed in 1.39 upstream.
Regards,
Salvatore