[kde-doc-english] [docs] [Bug 335001] meinproc4 doesn't substitute entity with libxml2 fixed for CVE-2014-0191

Luigi Toscano Wed, 04 Jun 2014 20:40:33 +0000

https://bugs.kde.org/show_bug.cgi?id=335001


Luigi Toscano <luigi.toscano at tiscali.it> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|CONFIRMED                   |RESOLVED
   Version Fixed In|                            |4.13.2
         Resolution|---                         |FIXED
      Latest Commit|                            |http://commits.kde.org/kdel
                   |                            |ibs/d4fca9ffb31a2383459c89b
                   |                            |27f81b10b7ddece1a

--- Comment #5 from Luigi Toscano <luigi.toscano at tiscali.it> ---
Git commit d4fca9ffb31a2383459c89b27f81b10b7ddece1a by Luigi Toscano.
Committed on 04/06/2014 at 20:40.
Pushed by ltoscano into branch 'KDE/4.13'.

Explicitly load external entities (after CVE-2014-0191)

Use the more modern API function for XML loading and enable the
flags which load the external entities, so that meinproc4 can work
again after the security changes implemented for CVE-2014-0191.
Network loading is disabled too now.

REVIEW: 118270
FIXED-IN: 4.13.2

M  +2    -2    kdoctools/meinproc.cpp
M  +2    -1    kdoctools/xslt.cpp

http://commits.kde.org/kdelibs/d4fca9ffb31a2383459c89b27f81b10b7ddece1a

-- 
You are receiving this mail because:
You are the assignee for the bug.

[kde-doc-english] [docs] [Bug 335001] meinproc4 doesn't substitute entity with libxml2 fixed for CVE-2014-0191

Reply via email to