A CVE has been assigned for an XXE issue in XML::Twig: http://openwall.com/lists/oss-security/2016/11/04/2 No fix is available yet.
Whiteboard: (none) => MGA5TOO
Already assigning to the registered maintainer
CC: (none) => marja11
Assignee: bugsquad => jquelin
CC: (none) => mageia
Version: Cauldron => 5
Whiteboard: MGA5TOO => (none)
Fixed in cauldron and pushed in mga5 updates_testing
SRPMS: perl-Image-Info-1.360.0-4.1.mga5
Assignee: jquelin => qa-bugs
SRPMS: perl-Image-Info-1.380.0-1.mga5
Assignee: qa-bugs => bugsquad
This bug is for perl-XML-Twig.
Version: 5 => Cauldron
Whiteboard: (none) => MGA5TOO
Assignee: bugsquad => jquelin
CVE: (none) => CVE-2016-9180
Fixed in cauldron
Version: Cauldron => 5
Whiteboard: MGA5TOO => (none)
(In reply to Nicolas Lécureuil from comment #5)
> Fixed in cauldron

Are you sure? I just looked at it and it appears there's still no fix upstream for this.
Switching this to Mageia 6/Cauldron since it hasn't actually been fixed.
Whiteboard: (none) => MGA6TOO
Version: 5 => Cauldron
I suppose we could have updated Mageia 5 to 3.52, but it wouldn't fix the fact that expand_external_ents is not respected, so if we have any code relying on that, it wouldn't be automatically fixed, it'd have to be patched to make use of the new no_xxe flag that was added. So, too late for this to be of much use.
Status comment: (none) => Not fixed upstream as of end of 2017
Doesn't look like any packages depending on it reference expand_external_ents, so let's call this fixed.
Resolution: (none) => FIXED
Whiteboard: MGA6TOO => (none)
Status: NEW => RESOLVED
Status comment: Not fixed upstream as of end of 2017 => (none)
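The closing comments rest on a check that no dependent package references expand_external_ents. One way to run that kind of audit over unpacked Perl sources is sketched below as an added example, not part of the bug report or of XML::Twig. The status labels, file names and sample tree are constructed for illustration; only the option names expand_external_ents and no_xxe come from the thread.

```shell
#!/bin/sh
# Added example: classify Perl sources that load XML::Twig by which
# entity-related constructor option they mention.

# Print a file without full-line "#" comments, so that commented-out
# options are not counted as usage.
code_of() {
    sed '/^[[:space:]]*#/d' "$1"
}

# audit_twig DIR -> one "status<TAB>relative/path" line per XML::Twig user.
#   needs-patch      : mentions expand_external_ents but not no_xxe
#   uses-no_xxe      : already passes the newer no_xxe flag
#   no-entity-option : loads XML::Twig, mentions neither option
audit_twig() {
    dir=${1%/}
    find "$dir" -type f \( -name '*.pl' -o -name '*.pm' -o -name '*.t' \) |
    sort |
    while IFS= read -r f; do
        src=$(code_of "$f")
        printf '%s\n' "$src" |
            grep -Eq '^[[:space:]]*(use|require)[[:space:]]+XML::Twig' || continue
        if printf '%s\n' "$src" | grep -q 'no_xxe'; then
            status=uses-no_xxe
        elif printf '%s\n' "$src" | grep -q 'expand_external_ents'; then
            status=needs-patch
        else
            status=no-entity-option
        fi
        printf '%s\t%s\n' "$status" "${f#"$dir"/}"
    done
}

# Constructed sample tree (hypothetical file names) so the audit runs offline.
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/lib"
    printf 'use XML::Twig;\nmy $t = XML::Twig->new(expand_external_ents => 0);\n' > "$d/feed.pl"
    printf 'use XML::Twig;\nmy $t = XML::Twig->new(no_xxe => 1);\n' > "$d/lib/Safe.pm"
    printf 'use XML::Twig;\n# expand_external_ents => 0\nmy $t = XML::Twig->new();\n' > "$d/plain.pl"
    printf '# expand_external_ents is mentioned here only\nprint "hi\\n";\n' > "$d/other.pl"
    printf '%s\n' "$d"
}

sample=$(make_sample)
audit_twig "$sample"
rm -rf "$sample"
```

Files reported as needs-patch are the ones the thread describes as having to be changed to use no_xxe; an empty needs-patch list matches the situation described in the final comment.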