Author: hertzog
Date: 2016-12-13 09:58:29 +0000 (Tue, 13 Dec 2016)
New Revision: 47017
Modified: data/CVE/list data/dla-needed.txt Log: Update data for libxml-twig-perl Modified: data/CVE/list =================================================================== --- data/CVE/list 2016-12-13 09:58:16 UTC (rev 47016) +++ data/CVE/list 2016-12-13 09:58:29 UTC (rev 47017) @@ -9498,6 +9498,8 @@ NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=118097 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1379553 NOTE: http://www.openwall.com/lists/oss-security/2016/11/02/1 + NOTE: Release 3.50 adds a no_xxe flag which will fail to parse files with external entities. + NOTE: 2016-12-13: The corresponding changes is not in the public git repository yet: https://github.com/mirod/xmltwig/commits/master CVE-2016-9136 (Artifex Software, Inc. MuJS before ...) NOT-FOR-US: MuJS CVE-2016-9135 (Exponent CMS 2.3.9 suffers from a SQL injection vulnerability in ...) Modified: data/dla-needed.txt =================================================================== --- data/dla-needed.txt 2016-12-13 09:58:16 UTC (rev 47016) +++ data/dla-needed.txt 2016-12-13 09:58:29 UTC (rev 47017) @@ -42,7 +42,8 @@ libupnp4 -- libxml-twig-perl - NOTE: no upstream fix yet (2016-11-02) + NOTE: no upstream fix yet for expand_external_ents but new no_xxe flag in 3.50 + NOTE: could be backported (2016-12-13) -- libxml2 NOTE: no upstream fix yet (2016-11-29) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
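Review bot: In the data/CVE/list hunk, the first added NOTE says only that no_xxe "will fail to parse files with external entities" and leaves out that expand_external_ents itself is still unfixed, which the dla-needed.txt entry in this same commit does record. Someone reading the CVE list alone could take release 3.50 as the fix, so I would append that to the NOTE, for example "...; expand_external_ents itself is not fixed upstream". In the second added NOTE, "changes is" should read "change is" (or "changes are"). That NOTE also links to the moving commits/master page, so it should be replaced with the specific commit once it is published.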
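Review bot: In the data/dla-needed.txt hunk, "could be backported" on the second added line has no object. Name what would be backported (the no_xxe flag from 3.50) so the next person picking up libxml-twig-perl does not have to infer it from the line above. Because the first added line records that expand_external_ents still has no upstream fix, the entry should also say whether backporting the flag alone is considered enough to close it.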