Summary: | dev-perl/Lab-Measurement: Package uses dev-perl/XML-Twig and makes no clear statement regarding handling of external entities (CVE-2016-9180) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Thomas Deutschmann (RETIRED) <whissi> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED OBSOLETE | ||
Severity: | normal | CC: | dilfridge, kentnl, sci |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://github.com/lab-measurement/lab-measurement/issues/9 | ||
Whiteboard: | B3 [upstream?] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | |||
Bug Blocks: | 600818 |
Description
Thomas Deutschmann (RETIRED)
2016-11-25 17:47:08 UTC
hi, I tested on 9/19/2017 -- developer / # grep -Fr 'use XML::Twig' Lab-Measurement-3.554 developer / # Further upstream removed Lab::Data::XMLtree from package as it is deprecated. Package dev-perl/Lab-Measurement-3.550 is in tree. Seems ready for bump? No versions of Lab-Measurement in tree mention XML-Tree anymore. Last versions removed 2017-11-29 |