Debian-LTS has issued an advisory on November 25:
https://lwn.net/Alerts/707471/
Debian has a patch. From the CVE entry, it sounds like the version in Cauldron may be new enough to contain the fix.
CC: (none) => marja11
Assignee: bugsquad => jquelin
Patched package uploaded for Mageia 5.
Advisory:
========================
Updated perl-SOAP-Lite package fixes security vulnerability:
It was discovered that there was a "Billion Laughs" [0] XML expansion vulnerability in SOAP::Lite (CVE-2015-8978).
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8978
https://lwn.net/Alerts/707471/
========================
Updated packages in core/updates_testing:
========================
perl-SOAP-Lite-1.110.0-4.1.mga5
from perl-SOAP-Lite-1.110.0-4.1.mga5.src.rpm
Assignee: jquelin => qa-bugs
Testing M5_64
No previous updates for this. Some applications using it:
chronicle lemonldap-* mga-advisories perl-*-* remotebox sympa
chronicle looks the simplest; no man page nor /usr/share/ info, but:
 $ chronicle -h
 $ chronicle --manual
has good information. I tried it by creating a directory 'chronicle' with a few simple text files as prescribed; then
 $ chronicle --input chronicle --output chronicle
and pointing a browser at file://localhost/home/lewis/chronicle/index.html showed the nice result. Alas, stracing it showed no calls to SOAP anything.
BEFORE update: perl-SOAP-Lite-1.110.0-4.mga5
AFTER clean update: perl-SOAP-Lite-1.110.0-4.1.mga5
FWIW chronicle result same before & after, but this is probably meaningless. Better, I have just added this advisory (OK) which may have exercised it - see mga-advisories above.
OKing & validating.
Whiteboard: (none) => advisory MGA5-64-OK
Keywords: (none) => validated_update
CC: (none) => lewyssmith, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository.
http://advisories.mageia.org/MGASA-2017-0252.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED