Source: libimage-info-perl
Version: 1.28-1
Severity: grave
Tags: security upstream fixed-upstream
Forwarded: https://rt.cpan.org/Public/Bug/Display.html?id=118099

Hi

[N.B.: Agreed, the severity might be set too high, but I think it would be good to have the fix for stretch, thus the RC severity].

It was reported that Image::Info is susceptible to XXE in SVG files. Cf.

https://rt.cpan.org/Public/Bug/Display.html?id=118099
https://bugzilla.redhat.com/show_bug.cgi?id=1379556

It was already fixed in 1.39 upstream.

Regards,
Salvatore