[Secure-testing-commits] r47017 - in data: . CVE
Raphaël Hertzog
hertzog at moszumanska.debian.org
Tue Dec 13 09:58:30 UTC 2016
Author: hertzog
Date: 2016-12-13 09:58:29 +0000 (Tue, 13 Dec 2016)
New Revision: 47017
Modified:
data/CVE/list
data/dla-needed.txt
Log:
Update data for libxml-twig-perl
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2016-12-13 09:58:16 UTC (rev 47016)
+++ data/CVE/list 2016-12-13 09:58:29 UTC (rev 47017)
@@ -9498,6 +9498,8 @@
NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=118097
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1379553
NOTE: http://www.openwall.com/lists/oss-security/2016/11/02/1
+ NOTE: Release 3.50 adds a no_xxe flag which will fail to parse files with external entities.
+ NOTE: 2016-12-13: The corresponding changes is not in the public git repository yet: https://github.com/mirod/xmltwig/commits/master
CVE-2016-9136 (Artifex Software, Inc. MuJS before ...)
NOT-FOR-US: MuJS
CVE-2016-9135 (Exponent CMS 2.3.9 suffers from a SQL injection vulnerability in ...)
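Review bot: The first added NOTE reads as if release 3.50 resolves the issue, but the dla-needed.txt change in this same commit says there is still no upstream fix for expand_external_ents, so the CVE entry should state that too, for example "no_xxe is a new flag; expand_external_ents itself is unchanged". In the second added NOTE, "changes is" should be "change is", and the link to commits/master is a moving target that cannot show the change the note refers to; once the commit is public, replace this dated note with the commit URL.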
Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt 2016-12-13 09:58:16 UTC (rev 47016)
+++ data/dla-needed.txt 2016-12-13 09:58:29 UTC (rev 47017)
@@ -42,7 +42,8 @@
libupnp4
--
libxml-twig-perl
- NOTE: no upstream fix yet (2016-11-02)
+ NOTE: no upstream fix yet for expand_external_ents but new no_xxe flag in 3.50
+ NOTE: could be backported (2016-12-13)
--
libxml2
NOTE: no upstream fix yet (2016-11-29)
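Review bot: The date moved from the status line to the "could be backported" line, which breaks the pattern the neighbouring entries use ("no upstream fix yet (2016-11-29)" for libxml2) and leaves it unclear which statement the date applies to. Keep "(2016-12-13)" on the status line, and say what could be backported (the no_xxe flag from 3.50) and whether that alone would be enough to close the entry while expand_external_ents remains unfixed.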