Candidate: CVE-2014-1626
PublicDate: 2014-01-26 01:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1626
 http://sourceforge.net/p/marcpm/code/ci/cf2d36597a56eeeffd53b38182b8557c7bf569ac/
Description:
 XML External Entity (XXE) vulnerability in MARC::File::XML module before
 1.0.2 for Perl, as used in Evergreen, Koha, perl4lib, and possibly other
 products, allows context-dependent attackers to read arbitrary files via a
 crafted XML file.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736275
Priority: medium
Discovered-by: John Lightsey
Assigned-to:
CVSS: 

Patches_libmarc-xml-perl:
 upstream: http://sourceforge.net/p/marcpm/code/ci/cf2d36597a56eeeffd53b38182b8557c7bf569ac/
upstream_libmarc-xml-perl: released (1.0.2-1)
lucid_libmarc-xml-perl: ignored (reached end-of-life)
precise_libmarc-xml-perl: ignored (reached end-of-life)
precise/esm_libmarc-xml-perl: DNE (precise was needed)
quantal_libmarc-xml-perl: ignored (reached end-of-life)
raring_libmarc-xml-perl: ignored (reached end-of-life)
saucy_libmarc-xml-perl: ignored (reached end-of-life)
trusty_libmarc-xml-perl: not-affected (1.0.2-1)
trusty/esm_libmarc-xml-perl: DNE (trusty was not-affected [1.0.2-1])
utopic_libmarc-xml-perl: not-affected (1.0.2-1)
vivid_libmarc-xml-perl: not-affected (1.0.2-1)
vivid/stable-phone-overlay_libmarc-xml-perl: DNE
vivid/ubuntu-core_libmarc-xml-perl: DNE
wily_libmarc-xml-perl: not-affected (1.0.2-1)
xenial_libmarc-xml-perl: not-affected (1.0.2-1)
yakkety_libmarc-xml-perl: not-affected (1.0.2-1)
zesty_libmarc-xml-perl: not-affected (1.0.2-1)
devel_libmarc-xml-perl: not-affected (1.0.2-1)