[kde-doc-english] [docs] [Bug 335001] meinproc4 doesn't substitute entity with libxml2 fixed for CVE-2014-0191

Luigi Toscano luigi.toscano at tiscali.it
Sat Jun 14 00:37:45 UTC 2014


https://bugs.kde.org/show_bug.cgi?id=335001

--- Comment #7 from Luigi Toscano <luigi.toscano at tiscali.it> ---
Git commit f9ed9951d228fae90f2979830f6009ad71e33511 by Luigi Toscano.
Committed on 14/06/2014 at 00:36.
Pushed by ltoscano into branch 'master'.

Explicitly load external entities

Use the more modern API function for XML loading and enable the
flags which load the external entities, so that meinproc4 can work
again after the security changes implemented for CVE-2014-0191.
Network loading is disabled too now.
Please note that, even though the changes for the aforementioned CVE
introduced a regression in libxml2 (recently fixed upstream),
and the current meinproc code works again once the
fix is deployed, upstream nevertheless suggests not using
global settings anymore.

Adapted from the following kdelibs (Qt4 branch) commits:
d4fca9ffb31a2383459c89b27f81b10b7ddece1a
684bb98b31d338d85e1e6089cac381a507a5b4d8

M  +0    -3    src/meinproc.cpp
M  +3    -1    src/xslt.cpp

http://commits.kde.org/kdoctools/f9ed9951d228fae90f2979830f6009ad71e33511

-- 
You are receiving this mail because:
You are the assignee for the bug.
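
The per-parser approach the commit message describes, as an added example that is not part of the original message or the kdoctools code. It uses Python's lxml binding to libxml2 instead of the C++ of the commit (an assumption), the sample documents and file names are constructed, and the libxml2 flag names in the comments are the ones these lxml options correspond to, not quoted from the commit.

```python
import os
import tempfile
from lxml import etree

# Constructed sample: a document whose body lives in an external entity.
MAIN = b"""<?xml version="1.0"?>
<!DOCTYPE book [
  <!ENTITY chapter SYSTEM "chapter.xml">
]>
<book>&chapter;</book>
"""
CHAPTER = b"<para>Hello from the external entity</para>"


def make_parser(load_entities):
    """Options live on this parser only; no process-wide defaults are touched."""
    return etree.XMLParser(
        resolve_entities=load_entities,  # libxml2 XML_PARSE_NOENT
        load_dtd=load_entities,          # libxml2 XML_PARSE_DTDLOAD
        no_network=True,                 # libxml2 XML_PARSE_NONET
    )


def parse_book(load_entities):
    """Parse the sample from a temp dir; return (para texts, unresolved entity names)."""
    with tempfile.TemporaryDirectory() as d:
        for name, data in (("main.xml", MAIN), ("chapter.xml", CHAPTER)):
            with open(os.path.join(d, name), "wb") as f:
                f.write(data)
        main_path = os.path.join(d, "main.xml")
        root = etree.parse(main_path, make_parser(load_entities)).getroot()
    paras = [p.text for p in root.findall("para")]
    unresolved = [n.name for n in root if isinstance(n, etree._Entity)]
    return paras, unresolved


if __name__ == "__main__":
    print(parse_book(True))   # entity substituted from the local file
    print(parse_book(False))  # entity reference left unresolved in the tree
```

Explicit entity loading of this kind is appropriate for trusted local sources such as a project's own documentation tree; the network stays disabled in both configurations.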

