Debian Security Advisory

DLA-214-1 libxml-libxml-perl -- LTS security update

Date Reported:
30 Apr 2015
Affected Packages:
libxml-libxml-perl
Vulnerable:
Yes
Security database references:
In the Debian bugtracking system: Bug 783443.
In Mitre's CVE dictionary: CVE-2015-3451.
More information:

In some cases, XML::LibXML did not respect the request to disable entity expansion. Applications handling untrusted XML files can then be tricked into disclosing the content of local files.

In Debian 6 Squeeze, this issue has been fixed in libxml-libxml-perl version 1.70.ds-1+deb6u1.
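
The following regression check is an added example, not part of the advisory or of the XML::LibXML distribution. It confirms that an installed XML::LibXML honours the request to disable entity expansion. The canary file, the entity name and the sample document are constructed for the test. The two call styles exercised are an assumption, since the advisory does not say which code paths were affected.

```perl
#!/usr/bin/perl
# Added example: regression check that XML::LibXML honours expand_entities => 0.
use strict;
use warnings;
use File::Temp qw(tempfile);
use XML::LibXML;

# Constructed canary file standing in for a sensitive local file.
my $marker = 'CANARY-' . join '', map { sprintf '%02x', int rand 256 } 1 .. 8;
my ($fh, $path) = tempfile(UNLINK => 1);
print {$fh} $marker;
close $fh or die "close: $!";

# Constructed untrusted input: an external entity pointing at the canary.
my $xml = <<"XML";
<?xml version="1.0"?>
<!DOCTYPE doc [ <!ENTITY ext SYSTEM "file://$path"> ]>
<doc>&ext;</doc>
XML

# Options an application would pass when handling untrusted XML.
my %safe = (expand_entities => 0, load_ext_dtd => 0, no_network => 1);

# Exercise both ways of supplying the options; the advisory does not say
# which code paths ignored the request, so neither is assumed to be the one.
my %paths = (
    'new + parse_string' => sub { XML::LibXML->new(%safe)->parse_string($xml) },
    'load_xml'           => sub { XML::LibXML->load_xml(string => $xml, %safe) },
);

my $failed = 0;
for my $name (sort keys %paths) {
    my $doc = eval { $paths{$name}->() };
    if (!$doc) {
        # A parser that rejects the document outright did not read the file.
        print "ok   $name (document rejected)\n";
        next;
    }
    # Look for the canary in both the serialized tree and the text content.
    my $seen = $doc->toString . $doc->documentElement->textContent;
    if (index($seen, $marker) >= 0) {
        print "FAIL $name: canary content was expanded into the document\n";
        $failed++;
    } else {
        print "ok   $name\n";
    }
}
exit($failed ? 1 : 0);
```

A non-zero exit status means the canary's content reached the parsed document despite the options, and the package should be upgraded to the fixed version named above.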