oss-sec mailing list archives

Re: CVE Request: libxml2 external parsed entities issue

From: Marcus Meissner <meissner () suse de>
Date: Fri, 5 Jul 2013 15:17:41 +0200

On Fri, Jul 05, 2013 at 08:48:04AM -0400, Marc Deslauriers wrote:

Hello,

libxml2 earlier than 2.9.0 fetches external parsed entities by default, with no
way to disable the behaviour.

Fixed by the following commit:

https://git.gnome.org/browse/libxml2/commit/?id=4629ee02ac649c27f9c0cf98ba017c6b5526070f

More Information:
https://mail.gnome.org/archives/xml/2012-October/msg00045.html
https://github.com/sparklemotion/nokogiri/issues/693
https://bugs.launchpad.net/ubuntu/+source/libxml2/+bug/1194410


Could a CVE please be assigned to this issue?


Sounds like http://seclists.org/oss-sec/2013/q1/391  
and
"Please use CVE-2013-0339 for libxml2 external entities expansion"

?

Ciao, Marus

Current thread:

CVE Request: libxml2 external parsed entities issue Marc Deslauriers (Jul 05)
- Re: CVE Request: libxml2 external parsed entities issue Marcus Meissner (Jul 05)
  - Re: CVE Request: libxml2 external parsed entities issue Marc Deslauriers (Jul 05)
    - Re: CVE Request: libxml2 external parsed entities issue Marcus Meissner (Jul 05)
    - Re: CVE Request: libxml2 external parsed entities issue Kurt Seifried (Jul 05)