oss-sec mailing list archives

Re: CVE Request: XML entity expansion in the XML::Atom Perl module

From: Florian Weimer <fw () deneb enyo de>
Date: Sun, 04 Mar 2012 17:15:26 +0100

* Florian Weimer:

I would like to request a CVE name for this security fix:

| 0.39  2011.06.20
|     * Disabled external entities and network to avoid possible security flaw (yannk)

<http://cpansearch.perl.org/src/MIYAGAWA/XML-Atom-0.39/Changes>

Thanks.


Oh, to clarify, this is about external entities, not the billion
laughs attack.

Current thread:

CVE Request: XML entity expansion in the XML::Atom Perl module Florian Weimer (Mar 04)
- Re: CVE Request: XML entity expansion in the XML::Atom Perl module Florian Weimer (Mar 04)
- Re: CVE Request: XML entity expansion in the XML::Atom Perl module Kurt Seifried (Mar 04)