[Bug 1008647] New: VUL-0: CVE-2016-9181: perl-Image-Info: XXE in SVG files
http://bugzilla.suse.com/show_bug.cgi?id=1008647

            Bug ID: 1008647
           Summary: VUL-0: CVE-2016-9181: perl-Image-Info: XXE in SVG files
    Classification: openSUSE
           Product: openSUSE Distribution
           Version: Leap 42.2
          Hardware: Other
                OS: Other
            Status: NEW
          Severity: Normal
          Priority: P5 - None
         Component: Security
          Assignee: chris@computersalat.de
          Reporter: abergmann@suse.com
        QA Contact: qa-bugs@suse.de
                CC: dlovasko@suse.com
          Found By: Security Response Team
           Blocker: ---

rh#1379556

The Image::Info package makes no precautions against external entity expansion
in SVG files. A crafted file could cause information disclosure or denial of
service.

Upstream bug:
https://rt.cpan.org/Public/Bug/Display.html?id=118099

Upstream patch:
http://search.cpan.org/diff?from=Image-Info-1.38&to=Image-Info-1.38_50&w=1

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1379556
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9181
http://seclists.org/oss-sec/2016/q4/329

--
You are receiving this mail because:
You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1008647#c1
Swamp Workflow Management
http://bugzilla.suse.com/show_bug.cgi?id=1008647#c3
--- Comment #3 from Bernhard Wiedemann
Swamp Workflow Management
http://bugzilla.suse.com/show_bug.cgi?id=1008647#c5
--- Comment #5 from Swamp Workflow Management
Swamp Workflow Management
Marcus Meissner
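
A pre-parse check for the condition the report describes, as an added example (not code from Image::Info or from the upstream patch): it flags SVG input that carries entity declarations before the file is handed to an XML parser. The function names, the rejection policy and the sample documents are assumptions made for this illustration.

```python
import re

# <!ENTITY [%] name (SYSTEM | PUBLIC | "literal" | 'literal')
_ENTITY = re.compile(r"<!ENTITY\s+(%\s+)?(\S+)\s+(SYSTEM|PUBLIC|\"[^\"]*\"|'[^']*')")
_ENTITY_REF = re.compile(r"[&%][A-Za-z_:][\w.:-]*;")


def decode_xml(data: bytes) -> str:
    """Decode UTF-8/UTF-16 by BOM or leading '<' pattern (other encodings not handled)."""
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return data.decode("utf-16", errors="replace")
    if data[:2] == b"<\x00":
        return data.decode("utf-16-le", errors="replace")
    if data[:2] == b"\x00<":
        return data.decode("utf-16-be", errors="replace")
    return data.decode("utf-8-sig", errors="replace")


def svg_dtd_findings(data: bytes) -> set:
    """Report DTD constructs anywhere in the file.

    Comments and CDATA are deliberately not stripped: a declaration hidden
    behind comment-like text inside a quoted value must still be seen, so a
    false positive is preferred over a miss.
    """
    text = decode_xml(data)
    findings = set()
    if "<!DOCTYPE" in text:
        findings.add("doctype")
    for param, _name, body in _ENTITY.findall(text):
        findings.add("entity-declaration")
        if param:
            findings.add("parameter-entity")
        if body in ("SYSTEM", "PUBLIC"):
            findings.add("external-entity")
        elif _ENTITY_REF.search(body):
            findings.add("nested-entity-reference")
    return findings


def should_reject(data: bytes) -> bool:
    # Assumed policy: a bare DOCTYPE (common in legitimate SVG) passes, any
    # entity declaration does not. Only sound if the parser is also set not
    # to load external DTDs.
    return bool(svg_dtd_findings(data) - {"doctype"})


# Constructed samples; the SYSTEM URI is a placeholder.
BENIGN = b'<?xml version="1.0"?>\n<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">\n<svg xmlns="http://www.w3.org/2000/svg"/>'
EXTERNAL = b'<?xml version="1.0"?>\n<!DOCTYPE svg [ <!ENTITY ext SYSTEM "file:///placeholder"> ]>\n<svg xmlns="http://www.w3.org/2000/svg"><text>&ext;</text></svg>'
```

A filter like this complements, and does not replace, configuring the XML parser itself to leave external entities unresolved.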