On Thu, Feb 10, 2022 at 01:08:33PM +0100, Vincent Lefevre wrote: > This is no different than CVE-2013-0338 and CVE-2013-0339[*]. The > point is that from a small document, one can exhaust the memory > of the machine. CVE-2013-0338 and CVE-2013-0339 are about entity > expansion, but there are the same consequences with just loading > data in memory. > > [*] https://www.openwall.com/lists/oss-security/2013/02/22/3
If you believe so, and you confirmed that it hasn't been fixed in the past 15 years, could you please either (or both): * report it to mitre's CVE form * report it in https://gitlab.gnome.org/GNOME/libxml2/-/issues ? -- regards, Mattia Rizzolo GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`. More about me: https://mapreri.org : :' : Launchpad user: https://launchpad.net/~mapreri `. `'` Debian QA page: https://qa.debian.org/developer.php?login=mattia `-
signature.asc
Description: PGP signature
