[kde-doc-english] [docs] [Bug 335001] meinproc4 doesn't substitute entity with libxml2 fixed for CVE-2014-0191
Luigi Toscano
luigi.toscano at tiscali.it
Fri Jun 13 00:42:48 UTC 2014
https://bugs.kde.org/show_bug.cgi?id=335001
--- Comment #6 from Luigi Toscano <luigi.toscano at tiscali.it> ---
Git commit 684bb98b31d338d85e1e6089cac381a507a5b4d8 by Luigi Toscano.
Committed on 13/06/2014 at 00:41.
Pushed by ltoscano into branch 'KDE/4.13'.
Do not set global loading of DTD and entities, no more needed
The global settings have been replaced by the fine-grained
parameters passed to xmlReadFile.
Moreover a libxml2 regression prevents those parameters from
being used when the patch for CVE-2014-0191 is applied, see
https://bugzilla.gnome.org/show_bug.cgi?id=730290
A new libxml2 patch is going to be deployed soon, but anyway
this code works even without setting those parameters.
M +0 -3 kdoctools/meinproc.cpp
http://commits.kde.org/kdelibs/684bb98b31d338d85e1e6089cac381a507a5b4d8
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the kde-doc-english
mailing list