Package: libxml2
Version: 2.9.1+dfsg1-3
Severity: grave
Tags: security

Hi,
from oss-security. This was assigned CVE-2014-0191

| It was discovered that libxml2, a library providing support to read,
| modify and write XML files, incorrectly performs entity substitution in
| the doctype prolog, even if the application using libxml2 disabled any
| entity substitution. A remote attacker could provide a
| specially-crafted XML file that, when processed, would lead to the
| exhaustion of CPU and memory resources or file descriptors.
|
| This issue was discovered by Daniel Berrange of Red Hat.

Fix:
https://git.gnome.org/browse/libxml2/commit/?id=9cd1c3cfbd32655d60572c0a413e017260c854df

Cheers,
Moritz
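
Added example, not part of the original report and not libxml2 code: because the advisory says disabling entity substitution in the application does not stop processing in the doctype prolog, one interim mitigation is to refuse any untrusted document that carries a DOCTYPE before it reaches a libxml2-backed parser. The sketch below uses Python's standard-library expat binding for the check; the function names, the gate itself and the sample documents are assumptions made for illustration.

```python
import xml.parsers.expat

# Constructed sample inputs (not taken from the report).
SAMPLE_PLAIN = b'<?xml version="1.0"?><config><item>1</item></config>'
SAMPLE_WITH_DOCTYPE = (
    b'<?xml version="1.0"?>'
    b'<!DOCTYPE config [<!ENTITY greeting "hello">]>'
    b"<config>&greeting;</config>"
)


class _StopParsing(Exception):
    """Internal signal: enough of the prolog has been read."""


def declares_doctype(data: bytes) -> bool:
    """Return True if the XML document in `data` carries a DOCTYPE declaration.

    Only the prolog is read: parsing stops at the DOCTYPE (before its internal
    subset is processed) or at the root element, whichever comes first, so no
    entity is declared or expanded here. Raises ValueError on a malformed prolog.
    """
    parser = xml.parsers.expat.ParserCreate()
    seen = []

    def on_doctype(name, sysid, pubid, has_internal_subset):
        seen.append(name)
        raise _StopParsing

    def on_root(name, attrs):
        # A DOCTYPE can only appear before the root element.
        raise _StopParsing

    parser.StartDoctypeDeclHandler = on_doctype
    parser.StartElementHandler = on_root
    try:
        parser.Parse(data, True)
    except _StopParsing:
        pass
    except xml.parsers.expat.ExpatError as exc:
        raise ValueError(f"prolog is not well-formed XML: {exc}") from exc
    return bool(seen)


def accept_untrusted(data: bytes) -> bytes:
    """Hypothetical gate: return data unchanged, or raise if it has a DOCTYPE."""
    if declares_doctype(data):
        raise ValueError("DOCTYPE declarations are not accepted from untrusted input")
    return data
```

The gate is a second parser, so it only narrows exposure for inputs that both parsers read the same way; applying the fix referenced in the report remains the remedy.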