Opened 7 weeks ago
Closed 7 weeks ago
#20136 closed enhancement (fixed)
libxml2-2.13.3
Reported by: | Bruce Dubbs | Owned by: | Douglas R. Reno |
---|---|---|---|
Priority: | elevated | Milestone: | 12.2 |
Component: | BOOK | Version: | git |
Severity: | normal | Keywords: | |
Cc: |
Description
New point version.
Change History (4)
comment:1 by , 7 weeks ago
Priority: | normal → elevated |
---|
comment:2 by , 7 weeks ago
CVE-2024-40896:
Some users set an entity's children manually in the getEntity SAX callback to restrict entity expansion. This stopped working after renaming the "checked" member of xmlEntity, making at least one downstream project and its dependants susceptible to XXE attacks.
I don't know if this specific "downstream project" (the upstream has not made it public yet) is in BLFS.
comment:3 by , 7 weeks ago
Owner: | changed from | to
---|---|
Status: | new → assigned |
comment:4 by , 7 weeks ago
Resolution: | → fixed |
---|---|
Status: | assigned → closed |
Fixed at 2e31189172161734602733ca44d8dcca54981495
SA-12.1-083 issued