oss-sec mailing list archives

Re: CVE Request: libxml2 external parsed entities issue
From: Huzaifa Sidhpurwala <huzaifas () redhat com>
Date: Tue, 29 Oct 2013 08:44:45 +0530

On 10/28/2013 11:47 PM, Nicolas Grégoire wrote:

> For RedHat, it covers both but "libxml2 already provides mechanisms to
> disable external entities which applications can use. Closing this flaw
> as 'wontfix'": https://bugzilla.redhat.com/show_bug.cgi?id=915149
>
> And the official page for the CVE isn't helpful:


libxml has an API to disable external entity expansion. Applications
linked against libxml can use this API if they don't have enough
protections built-in. For this reason we believe that the
responsibility for correctly handling XEE lies with the app. and not
the library.




-- 
Huzaifa Sidhpurwala / Red Hat Security Response Team
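
The application-side setting discussed in this message, shown as an added example that is not part of the original post or of libxml2's own code. It assumes the application reaches libxml2 through the Python binding lxml; the entity name `ext`, the marker string and the temporary file are constructed sample data.

```python
import pathlib
import tempfile

from lxml import etree  # lxml is a Python binding to libxml2 (assumed installed)

MARKER = "CONSTRUCTED-LOCAL-FILE-CONTENT"  # constructed sample data


def make_parser(expand_entities):
    """Build a parser; expand_entities=True asks libxml2 to substitute entities."""
    return etree.XMLParser(
        resolve_entities=expand_entities,
        load_dtd=False,        # do not load an external DTD subset
        dtd_validation=False,  # no validation against a DTD
        no_network=True,       # refuse network access while parsing
    )


def build_document(entity_uri):
    """Constructed input: one external parsed entity referenced in the body."""
    doc = '<!DOCTYPE r [<!ENTITY ext SYSTEM "%s">]><r>&ext;</r>' % entity_uri
    return doc.encode("utf-8")


def parse(doc, expand_entities):
    """Return (serialized root, names of entity references left unexpanded)."""
    root = etree.fromstring(doc, make_parser(expand_entities))
    left = [node.name for node in root.iter(etree.Entity)]
    return etree.tostring(root).decode("utf-8"), left


def demo():
    """Parse the same document with the expanding and the hardened parser."""
    with tempfile.TemporaryDirectory() as tmp:
        target = pathlib.Path(tmp) / "local.txt"
        target.write_text(MARKER)
        doc = build_document(target.as_uri())
        return {"expanding": parse(doc, True), "hardened": parse(doc, False)}


if __name__ == "__main__":
    for name, (xml, left) in demo().items():
        print(name, xml, left)
```

The list of unexpanded entity names returned by the hardened parse is a convenient thing to log when an input is rejected or flagged.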

