On Thu, 17 Nov 2016 20:57:26 +0000 "Robin H. Johnson" <robb...@gentoo.org> wrote:
> - eg metadata.xml (nothing for user systems is impacted by it, other
> than to give output about packages).

Idle thought: Given there are classes of vulnerabilities related to XML parsing and decoding, any systems that attempt to read this file should ensure it is "good" before doing so.

But I don't really know the specifics of XXE vulns, only that I saw a few in the last few months.
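One way a reader of metadata.xml can defend against the XML entity problems raised above, as an added example that is not part of the original message or of any Gentoo tool: pre-scan with expat and refuse any entity declaration before building a tree. The function names and both sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from xml.parsers import expat

class UnsafeXML(ValueError):
    """Document declares entities, is malformed, or has the wrong root."""

def _reject_entity(name, *_rest):
    # Fires for internal, external and parameter entity declarations alike.
    raise UnsafeXML(f"entity declaration not allowed: {name!r}")

def check_no_entities(data: bytes) -> None:
    """Pre-scan the document; nothing is fetched and nothing is expanded."""
    scanner = expat.ParserCreate()
    scanner.EntityDeclHandler = _reject_entity
    scanner.UnparsedEntityDeclHandler = _reject_entity
    try:
        scanner.Parse(data, True)
    except expat.ExpatError as exc:
        raise UnsafeXML(f"not well-formed: {exc}") from exc

def maintainer_emails(data: bytes) -> list:
    """Return maintainer e-mail addresses from an already-vetted document."""
    check_no_entities(data)
    root = ET.fromstring(data)
    if root.tag != "pkgmetadata":
        raise UnsafeXML(f"unexpected root element: {root.tag!r}")
    return [e.text.strip() for e in root.iter("email") if e.text]

# Constructed sample: a plain DOCTYPE reference is accepted, never fetched.
SAMPLE_OK = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
  <maintainer type="person"><email>dev@example.org</email></maintainer>
</pkgmetadata>"""

# Constructed sample: an internal subset that declares an entity is refused.
SAMPLE_ENTITY = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata [ <!ENTITY x SYSTEM "file:///constructed/placeholder"> ]>
<pkgmetadata><longdescription>&x;</longdescription></pkgmetadata>"""

if __name__ == "__main__":
    print(maintainer_emails(SAMPLE_OK))
    try:
        maintainer_emails(SAMPLE_ENTITY)
    except UnsafeXML as err:
        print("rejected:", err)
```

This covers parser-level safety only; whether the file is the one the repository published is a separate check, such as verifying a signature or checksum before parsing.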