Описание
perl-XML-Twig: The option to `expand_external_ents`, documented as controlling external entity expansion in XML::Twig does not work. External entities are always expanded, regardless of the option's setting.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| libxml-twig-perl | fixed | 1:3.50-1.1 | package | |
| libxml-twig-perl | no-dsa | stretch | package | |
| libxml-twig-perl | no-dsa | jessie | package | |
| libxml-twig-perl | no-dsa | wheezy | package |
Примечания
https://rt.cpan.org/Public/Bug/Display.html?id=118097
https://bugzilla.redhat.com/show_bug.cgi?id=1379553
https://www.openwall.com/lists/oss-security/2016/11/02/1
Release 3.50 adds a no_xxe flag which will fail to parse files with external entities.
2016-12-13: The corresponding changes is not in the public git repository yet: https://github.com/mirod/xmltwig/commits/master
Связанные уязвимости
perl-XML-Twig: The option to `expand_external_ents`, documented as controlling external entity expansion in XML::Twig does not work. External entities are always expanded, regardless of the option's setting.
perl-XML-Twig: The option to `expand_external_ents`, documented as controlling external entity expansion in XML::Twig does not work. External entities are always expanded, regardless of the option's setting.
perl-XML-Twig: The option to `expand_external_ents`, documented as controlling external entity expansion in XML::Twig does not work. External entities are always expanded, regardless of the option's setting.
