[Bug 1216112] New: perl-XML-LibXML: "expand_entities" option was not preserved under some circumstances

bugzilla at redhat.com bugzilla at redhat.com
Tue Apr 28 14:02:26 UTC 2015


https://bugzilla.redhat.com/show_bug.cgi?id=1216112

            Bug ID: 1216112
           Summary: perl-XML-LibXML: "expand_entities" option was not
                    preserved under some circumstances
           Product: Security Response
         Component: vulnerability
          Keywords: Security
          Severity: low
          Priority: low
          Assignee: security-response-team at redhat.com
          Reporter: vkaigoro at redhat.com
                CC: jplesnik at redhat.com, mmaslano at redhat.com,
                    perl-devel at lists.fedoraproject.org,
                    perl-maint-list at redhat.com, ppisar at redhat.com,
                    psabata at redhat.com



It was reported that perl-XML-LibXML did ignore "expand_entities" option in
some circumstances, which could lead to sensitive information disclosure.
Original report and CVE request (reprodcuers are also available):
http://seclists.org/oss-sec/2015/q2/280

-- 
You are receiving this mail because:
You are on the CC list for the bug.


More information about the perl-devel mailing list