Debian Security Advisory

DLA-214-1 libxml-libxml-perl -- LTS security update

Date Reported:
30 Apr 2015
Affected Packages:
Security database references:
In the Debian bugtracking system: Bug 783443.
In Mitre's CVE dictionary: CVE-2015-3451.
More information:

In some cases, XML::LibXML did not respect the request to disable entities expansion. Applications handling untrusted XML files can then be tricked into disclosing the content of local files.

In Debian 6 Squeeze, this issue has been fixed in libxml-libxml-perl version 1.70.ds-1+deb6u1.