Bug 19857 - perl-SOAP-Lite new security issue CVE-2015-8978
Summary: perl-SOAP-Lite new security issue CVE-2015-8978
Status: NEW
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 5
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL: https://lwn.net/Vulnerabilities/707491/
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2016-11-28 20:44 CET by David Walser
Modified: 2017-07-09 02:27 CEST (History)
1 user (show)

See Also:
Source RPM: perl-SOAP-Lite-1.110.0-4.mga5.src.rpm
CVE:
Status comment:


Attachments

Description David Walser 2016-11-28 20:44:50 CET
Debian-LTS has issued an advisory on November 25:
https://lwn.net/Alerts/707471/

Debian has a patch.  From the CVE entry, it sounds like the version in Cauldron may be new enough to contain the fix.
Comment 1 David Walser 2017-07-09 02:27:33 CEST
Patched package uploaded for Mageia 5.

Advisory:
========================

Updated perl-SOAP-Lite package fixes security vulnerability:

It was discovered that there was a "Billion Laughs" [0] XML expansion
vulnerability in SOAP::Lite (CVE-2015-8978).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8978
https://lwn.net/Alerts/707471/
========================

Updated packages in core/updates_testing:
========================
perl-SOAP-Lite-1.110.0-4.1.mga5

from perl-SOAP-Lite-1.110.0-4.1.mga5.src.rpm

Note You need to log in before you can comment on or make changes to this bug.