CVE-2015-10082: A vulnerability classified as problematic has been found in UIKit0 libplist 1.12. This affects the function plist_from_xml of the file src/xplist.c of the component XML Handler. The manipulation leads to xml external entity reference. The name of the patch is c086cb139af7c82845f6d565e636073ff4b37440. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-221499. Please apply the patch: https://github.com/UIKit0/libplist/commit/c086cb139af7c82845f6d565e636073ff4b37440
The libplist in tree doesn't use libxml and (for better or for worse) has its own handwritten XML parser. plist_from_xml: https://github.com/libimobiledevice/libplist/blob/bfc97788f081584ced9cd35d85b69b3fec6b907c/src/xplist.c#L1474-L1487 commit that removes libxml2: https://github.com/libimobiledevice/libplist/commit/392135c7db4d9cb4a14ff5935d7c4c6e21363847 (present since v2.0.0)
I see, thanks!