[kde-doc-english] [docs] [Bug 335001] meinproc4 doesn't substitute entity with libxml2 fixed for CVE-2014-0191
Luigi Toscano
luigi.toscano at tiscali.it
Wed Jun 4 20:40:33 UTC 2014
https://bugs.kde.org/show_bug.cgi?id=335001
Luigi Toscano <luigi.toscano at tiscali.it> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|CONFIRMED |RESOLVED
Version Fixed In| |4.13.2
Resolution|--- |FIXED
Latest Commit| |http://commits.kde.org/kdel
| |ibs/d4fca9ffb31a2383459c89b
| |27f81b10b7ddece1a
--- Comment #5 from Luigi Toscano <luigi.toscano at tiscali.it> ---
Git commit d4fca9ffb31a2383459c89b27f81b10b7ddece1a by Luigi Toscano.
Committed on 04/06/2014 at 20:40.
Pushed by ltoscano into branch 'KDE/4.13'.
Explicitly load external entities (after CVE-2014-0191)
Use the more modern API function for XML loading and enable the
flags which load the external entities, so that meinproc4 can work
again after the security changes implemented for CVE-2014-0191.
Network loading is disabled too now.
REVIEW: 118270
FIXED-IN: 4.13.2
M +2 -2 kdoctools/meinproc.cpp
M +2 -1 kdoctools/xslt.cpp
http://commits.kde.org/kdelibs/d4fca9ffb31a2383459c89b27f81b10b7ddece1a
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the kde-doc-english
mailing list