Vulnerability in libxml2 allows denial of service
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0338
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0339
If entity expansion in the XML parser is asked for,
it is possible to craft a relatively small input document leading
to excessive on-the-fly content generation.
This patch accounts for those replacements and stops parsing
after a given threshold. It can be bypassed as usual with the
HUGE parser option.
Patch: https://git.gnome.org/browse/libxml2/patch/?id=23f05e0c33987d6605387b300c4be5da2120a7ab
(from redmine: issue id 1725, created on 2013-03-26, closed on 2013-04-11)
- Relations:
- duplicates #1661 (closed)
- parent #1722 (closed)
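The accounting idea described above, as an added Python sketch for pre-screening untrusted XML (not libxml2 code and not part of the original issue): it computes how large the content would become after entity replacement without building it, and refuses documents over a budget unless a `huge` flag is set. `BUDGET`, `MAX_DEPTH`, `check_document` and `expanded_length` are hypothetical names and values chosen for this example, and only internal general entities with quoted literal values are handled.

```python
import re

# Assumed limits for this sketch; they are not libxml2's actual values.
BUDGET = 100_000  # max characters of content after entity replacement
MAX_DEPTH = 40    # max nesting of entity references
DOCTYPE = re.compile(r'<!DOCTYPE[^\[>]*\[(.*?)\]\s*>', re.S)
ENTITY_DECL = re.compile(r'<!ENTITY\s+([\w.-]+)\s+(["\'])(.*?)\2\s*>', re.S)
ENTITY_REF = re.compile(r'&([A-Za-z_][\w.-]*);')
PREDEFINED = {"lt", "gt", "amp", "apos", "quot"}  # each expands to one character

class ExpansionLimit(Exception):
    """Replacement would exceed the budget, nest too deeply, or loop."""

def expanded_length(text, decls, memo, stack=()):
    """Length of text after entity replacement, computed without building it."""
    if len(stack) > MAX_DEPTH:
        raise ExpansionLimit("entity nesting too deep")
    total = len(text)
    for ref in ENTITY_REF.finditer(text):
        name = ref.group(1)
        if name in PREDEFINED:
            size = 1
        elif name in decls:
            if name in stack:
                raise ExpansionLimit(f"entity loop through &{name};")
            if name not in memo:  # each entity is sized once, then reused
                memo[name] = expanded_length(decls[name], decls, memo, stack + (name,))
            size = memo[name]
        else:
            continue  # undeclared reference is counted as literal text
        total += size - len(ref.group(0))
    return total

def check_document(xml, budget=BUDGET, huge=False):
    """Return the expanded size; raise ExpansionLimit if over budget and not huge."""
    subset = DOCTYPE.search(xml)
    decls = {}
    for name, _, value in ENTITY_DECL.findall(subset.group(1) if subset else ""):
        decls.setdefault(name, value)  # the first declaration of a name binds
    body = DOCTYPE.sub("", xml, count=1)
    size = expanded_length(body, decls, {})
    if not huge and size > budget:
        raise ExpansionLimit(f"{size} characters after replacement > {budget}")
    return size

# Constructed sample: three entity levels, ten references per level.
SAMPLE = ('<!DOCTYPE r [<!ENTITY a "0123456789">'
          f'<!ENTITY b "{"&a;" * 10}"><!ENTITY c "{"&b;" * 10}">]>'
          '<r>&c;</r>')
```

Because each entity is sized once and memoized, the check runs in time proportional to the declarations, however large the expanded result would be.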