[Bug 1377996] New: perl-libxml-perl: Expanding external entities by default

Wednesday, 21 September 2016

https://bugzilla.redhat.com/show_bug.cgi?id=1377996

            Bug ID: 1377996
           Summary: perl-libxml-perl: Expanding external entities by
                    default
           Product: Security Response
         Component: vulnerability
          Keywords: Security
          Severity: high
          Priority: high
          Assignee: security-response-team(a)redhat.com
          Reporter: amaris(a)redhat.com
                CC: jplesnik(a)redhat.com,
                    perl-devel(a)lists.fedoraproject.org,
                    perl-maint-list(a)redhat.com, ppisar(a)redhat.com,
                    psabata(a)redhat.com

It was found that XML::LibXML is vulnerable to XXE attack as it has enabled
external entity loading by default.

Bug report:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=838097

-- 
You are receiving this mail because:
You are on the CC list for the bug.

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

[Bug 1377996] New: perl-libxml-perl: Expanding external entities by default