A CVE has been assigned for an issue fixed in XML::LibXML 2.0119: http://openwall.com/lists/oss-security/2015/04/30/1 Reproducible: Steps to Reproduce:
CC: (none) => mageia, shlomifWhiteboard: (none) => MGA5TOO, MGA4TOO
URL: (none) => http://lwn.net/Vulnerabilities/642877/
Blocks: (none) => 14674
Testing MGA4.1 32 and 64 bit, Vbox hardware. Testing will be limited to executing a trivial script pre and post update in each architecture.
CC: (none) => vzawalin1
(In reply to Vladimir Zawalinski from comment #1) > Testing MGA4.1 32 and 64 bit, Vbox hardware. > > Testing will be limited to executing a trivial script pre and post update in > each architecture. Vladimir, you can also run the test suite from the source distribution using «prove t/*.t».
Thank you Shlomi - I'll try that.
There's nothing to test yet, no update has been posted.
That explains it
Fixed with perl-XML-LibXML-2.10.0-2.1.mga4
CC: (none) => oe
(In reply to David Walser from comment #4) > There's nothing to test yet, no update has been posted. Now there is :o) Thanks Oden. Still waiting for it to be pushed in Cauldron before assigning to QA, but you can test the Mageia 4 update now.
Patched package uploaded for Mageia 4. Updated package uploaded for Cauldron. Thanks again Shlomi and Oden! Mageia 4 package is listed in Comment 6. Advisory: ======================== Updated perl-XML-LibXML package fixes security vulnerability: Tilmann Haak from xing.com discovered that XML::LibXML did not respect the expand_entities parameter to disable processing of external entities in some circumstances. This may allow attackers to gain read access to otherwise protected ressources, depending on how the library is used (CVE-2015-3451). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3451 https://www.debian.org/security/2015/dsa-3243
CC: (none) => jquelinVersion: Cauldron => 4Blocks: 14674 => (none)Assignee: jquelin => qa-bugsWhiteboard: MGA5TOO, MGA4TOO => (none)
Testing complete mga4 32 & 64 Self tests are run at build time and the package is required by urpmi so just ensured the packages update cleanly and urpmi isn't broken.
Validating. Advisory uploaded. Please push to 4 updates Thanks!
Keywords: (none) => validated_updateWhiteboard: (none) => has_procedure advisory mga4-32-ok mga4-64-okCC: (none) => sysadmin-bugs
An update for this issue has been pushed to Mageia Updates repository. http://advisories.mageia.org/MGASA-2015-0199.html
Status: NEW => RESOLVEDResolution: (none) => FIXED