[Bug 1216112] CVE-2015-3451 perl-XML-LibXML: "expand_entities" option was not preserved under some circumstances

bugzilla at redhat.com bugzilla at redhat.com
Fri Aug 7 00:01:02 UTC 2015


https://bugzilla.redhat.com/show_bug.cgi?id=1216112

Kurt Seifried <kseifried at redhat.com> changed:

           What: Whiteboard

        Removed: impact=low,public=20150423,reported=20150423,source=researcher,cvss2=2.6/AV:N/AC:H/Au:N/C:P/I:N/A:N,fedora-all/perl-XML-LibXML=affected,rhel-5/perl-XML-LibXML=new,rhel-6/perl-XML-LibXML=affected,rhel-7/perl-XML-LibXML=affected

          Added: impact=low,public=20150423,reported=20150423,source=researcher,cvss2=2.6/AV:N/AC:H/Au:N/C:P/I:N/A:N,fedora-all/perl-XML-LibXML=affected,rhel-5/perl-XML-LibXML=wontfix,rhel-6/perl-XML-LibXML=wontfix,rhel-7/perl-XML-LibXML=wontfix



--- Comment #3 from Kurt Seifried <kseifried at redhat.com> ---
Mitigations:

This issue only affects programs using this program in forms such as:

$parser = XML::LibXML->new

or 

$XML_DOC = $parser->load_xml

If you use the form:

$XML_DOC = XML::LibXML->load_xml

this vulnerability will not be exposed.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
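
A check for the two calling forms named in comment #3, added here as an example and not part of the original bug report or of XML::LibXML itself: it parses a constructed document with `expand_entities => 0` through the instance form and the class-method form and reports whether the entity reference was left unexpanded. The sample document, the helper name `kept_unexpanded` and the placement of the option on `new` for the instance form are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use XML::LibXML;

# Constructed sample: an internal entity only, so nothing is read from
# disk or the network while testing.
my $xml = <<'XML';
<?xml version="1.0"?>
<!DOCTYPE r [ <!ENTITY e "CONSTRUCTED-REPLACEMENT-TEXT"> ]>
<r>&e;</r>
XML

# Hypothetical helper: true when the entity reference survived parsing.
# Only the root element is serialised, because the DOCTYPE always
# contains the replacement text.
sub kept_unexpanded {
    my ($doc) = @_;
    my $root = $doc->documentElement->toString;
    return $root =~ /&e;/ && $root !~ /CONSTRUCTED-REPLACEMENT-TEXT/;
}

my %forms = (
    # Form the comment lists as affected: parser object, then load_xml on it.
    'instance: XML::LibXML->new + $parser->load_xml' => sub {
        my $parser = XML::LibXML->new(expand_entities => 0);
        return $parser->load_xml(string => $xml);
    },
    # Form the comment lists as not exposed: load_xml as a class method.
    'class: XML::LibXML->load_xml' => sub {
        return XML::LibXML->load_xml(string => $xml, expand_entities => 0);
    },
);

my $failed = 0;
for my $name (sort keys %forms) {
    my $ok = kept_unexpanded($forms{$name}->());
    printf "%-48s %s\n", $name, $ok ? 'option honoured' : 'ENTITY EXPANDED';
    $failed++ unless $ok;
}
printf "XML::LibXML version tested: %s\n", XML::LibXML->VERSION;

# Non-zero exit lets the script gate a build or a package update.
exit($failed ? 1 : 0);
```

A line reading `ENTITY EXPANDED` means the installed module ignored the option for that form, so code relying on it should switch to the class-method form described in the comment.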

