** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2013-0339
** Also affects: libxml2 (Ubuntu Lucid) Importance: Undecided Status: New ** Also affects: libxml2 (Ubuntu Precise) Importance: Undecided Status: New ** Also affects: libxml2 (Ubuntu Saucy) Importance: Undecided Status: New ** Also affects: libxml2 (Ubuntu Quantal) Importance: Undecided Status: New ** Also affects: libxml2 (Ubuntu Raring) Importance: Undecided Status: New ** Changed in: libxml2 (Ubuntu Lucid) Status: New => Confirmed ** Changed in: libxml2 (Ubuntu Lucid) Importance: Undecided => Medium ** Changed in: libxml2 (Ubuntu Precise) Status: New => Confirmed ** Changed in: libxml2 (Ubuntu Precise) Importance: Undecided => Medium ** Changed in: libxml2 (Ubuntu Quantal) Status: New => Confirmed ** Changed in: libxml2 (Ubuntu Quantal) Importance: Undecided => Medium ** Changed in: libxml2 (Ubuntu Raring) Status: New => Fix Released ** Changed in: libxml2 (Ubuntu Saucy) Status: New => Fix Committed ** Changed in: libxml2 (Ubuntu Saucy) Status: Fix Committed => Fix Released ** Changed in: libxml2 (Ubuntu Lucid) Status: Confirmed => In Progress ** Changed in: libxml2 (Ubuntu Precise) Status: Confirmed => In Progress ** Changed in: libxml2 (Ubuntu Quantal) Status: Confirmed => In Progress -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to libxml2 in Ubuntu. https://bugs.launchpad.net/bugs/1194410 Title: Apply upstream patch to close XXE vulnerability in precise Status in “libxml2” package in Ubuntu: Fix Released Status in “libxml2” source package in Lucid: In Progress Status in “libxml2” source package in Precise: In Progress Status in “libxml2” source package in Quantal: In Progress Status in “libxml2” source package in Raring: Fix Released Status in “libxml2” source package in Saucy: Fix Released Bug description: In version 2.7.8 there is no way to avoid opening and reading a file if it is specified in the ENTITY section of the document. The issue has been raised in: https://mail.gnome.org/archives/xml/2012-October/msg00002.html https://github.com/sparklemotion/nokogiri/issues/693 An upstream fix has been released: https://git.gnome.org/browse/libxml2/commit/?id=4629ee02ac649c27f9c0cf98ba017c6b5526070f To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libxml2/+bug/1194410/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp