[kde-doc-english] [docs] [Bug 335001] meinproc4 doesn't substitute entity with libxml2 fixed for CVE-2014-0191

Luigi Toscano luigi.toscano at tiscali.it
Wed Jun 4 20:40:33 UTC 2014


https://bugs.kde.org/show_bug.cgi?id=335001

Luigi Toscano <luigi.toscano at tiscali.it> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|CONFIRMED                   |RESOLVED
   Version Fixed In|                            |4.13.2
         Resolution|---                         |FIXED
      Latest Commit|                            |http://commits.kde.org/kdel
                   |                            |ibs/d4fca9ffb31a2383459c89b
                   |                            |27f81b10b7ddece1a

--- Comment #5 from Luigi Toscano <luigi.toscano at tiscali.it> ---
Git commit d4fca9ffb31a2383459c89b27f81b10b7ddece1a by Luigi Toscano.
Committed on 04/06/2014 at 20:40.
Pushed by ltoscano into branch 'KDE/4.13'.

Explicitly load external entities (after CVE-2014-0191)

Use the more modern API function for XML loading and enable the
flags which load the external entities, so that meinproc4 can work
again after the security changes implemented for CVE-2014-0191.
Network loading is disabled too now.

REVIEW: 118270
FIXED-IN: 4.13.2

M  +2    -2    kdoctools/meinproc.cpp
M  +2    -1    kdoctools/xslt.cpp

http://commits.kde.org/kdelibs/d4fca9ffb31a2383459c89b27f81b10b7ddece1a

-- 
You are receiving this mail because:
You are the assignee for the bug.


More information about the kde-doc-english mailing list