oss-sec mailing list archives

Re: CVE Request: libxml2 external parsed entities issue


From: Nicolas Grégoire <nicolas.gregoire () agarri fr>
Date: Tue, 29 Oct 2013 08:53:08 +0100


> libxml has an API to disable external entity expansion.

Are you talking about using xmlSetExternalEntityLoader()?

It works, but changing the libxml default behavior to not be
vulnerable to XXE seems a good idea.

Cheers,
Nicolas

