A CVE has been assigned for an issue fixed in XML::LibXML 2.0119:
Steps to Reproduce:
Testing MGA4.1 32 and 64 bit, Vbox hardware.
Testing will be limited to executing a trivial script pre and post update in each architecture.
(In reply to Vladimir Zawalinski from comment #1)
> Testing MGA4.1 32 and 64 bit, Vbox hardware.
> Testing will be limited to executing a trivial script pre and post update in
> each architecture.
Vladimir, you can also run the test suite from the source distribution using Â«prove t/*.tÂ».
Thank you Shlomi - I'll try that.
There's nothing to test yet, no update has been posted.
That explains it
Fixed with perl-XML-LibXML-2.10.0-2.1.mga4
(In reply to David Walser from comment #4)
> There's nothing to test yet, no update has been posted.
Now there is :o) Thanks Oden.
Still waiting for it to be pushed in Cauldron before assigning to QA, but you can test the Mageia 4 update now.
Patched package uploaded for Mageia 4.
Updated package uploaded for Cauldron. Thanks again Shlomi and Oden!
Mageia 4 package is listed in Comment 6.
Updated perl-XML-LibXML package fixes security vulnerability:
Tilmann Haak from xing.com discovered that XML::LibXML did not respect the
expand_entities parameter to disable processing of external entities in some
circumstances. This may allow attackers to gain read access to otherwise
protected ressources, depending on how the library is used (CVE-2015-3451).
MGA5TOO, MGA4TOO =>
Testing complete mga4 32 & 64
Self tests are run at build time and the package is required by urpmi so just ensured the packages update cleanly and urpmi isn't broken.
Validating. Advisory uploaded.
Please push to 4 updates
has_procedure advisory mga4-32-ok mga4-64-okCC:
An update for this issue has been pushed to Mageia Updates repository.