oss-sec mailing list archives
Re: CVE Request: libxml2 external parsed entities issue
From: Nicolas Grégoire <nicolas.gregoire () agarri fr>
Date: Tue, 29 Oct 2013 08:53:08 +0100
libxml has an API to disable external entity expansion.
Are you talking about using xmlSetExternalEntityLoader()? It works, but changing the libxml default behavior to not being vulnerable to XXE seems a good idea. Cheers, Nicolas
Current thread:
- Re: CVE Request: libxml2 external parsed entities issue Nicolas Grégoire (Oct 28)
- Re: CVE Request: libxml2 external parsed entities issue Huzaifa Sidhpurwala (Oct 28)
- Re: CVE Request: libxml2 external parsed entities issue Nicolas Grégoire (Oct 29)
- Re: CVE Request: libxml2 external parsed entities issue Kurt Seifried (Oct 29)
- Re: CVE Request: libxml2 external parsed entities issue Nicolas Grégoire (Oct 29)
- Re: CVE Request: libxml2 external parsed entities issue Huzaifa Sidhpurwala (Oct 28)