| Summary: | <dev-perl/Image-Info-1.390.0: XXE | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | minor | CC: | kentnl |
| Priority: | Normal | Flags: | stable-bot:
sanity-check+
|
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1379556 | ||
| Whiteboard: | B3 [noglsa cve] | ||
| Package list: |
=dev-perl/Image-Info-1.390.0
|
Runtime testing required: | No |
Arches please stabilize =dev-perl/Image-Info-1.390.0 Target: amd64 ppc ppc64 x86 amd64 stable x86 stable Stable for PPC64. ppc stable. Maintainer(s), please cleanup. Security, please vote. GLSA Vote: No Cleanup done |
From ${URL} : The Image::Info package makes no precautions against external entity expansion in SVG files. A crafted file could cause information disclosure or denial of service. Upstream bug: https://rt.cpan.org/Public/Bug/Display.html?id=118099 Upstream patch: http://search.cpan.org/diff?from=Image-Info-1.38&to=Image-Info-1.38_50&w=1 @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.