PublicDateAtUSN: 2015-05-01
Candidate: CVE-2015-3451
PublicDate: 2015-05-12 19:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3451
 http://www.openwall.com/lists/oss-security/2015/04/25/2
 https://ubuntu.com/security/notices/USN-2592-1
Description:
 The _clone function in XML::LibXML before 2.0119 does not properly set the
 expand_entities option, which allows remote attackers to conduct XML
 external entity (XXE) attacks via crafted XML data to the (1) new or (2)
 load_xml function.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783443
Priority: medium
Discovered-by: Tilmann Haak
Assigned-to: mdeslaur
CVSS: 

Patches_libxml-libxml-perl:
 upstream: https://bitbucket.org/shlomif/perl-xml-libxml/commits/5962fd067580767777e94640b129ae8930a68a30
 upstream: https://bitbucket.org/shlomif/perl-xml-libxml/commits/915f1dbaf21c5f3c21d7c519c70fd93859e47152
upstream_libxml-libxml-perl: released (2.0116+dfsg-2)
precise_libxml-libxml-perl: released (1.89+dfsg-1ubuntu0.1)
trusty_libxml-libxml-perl: released (2.0108+dfsg-1ubuntu0.1)
trusty/esm_libxml-libxml-perl: DNE (trusty was released [2.0108+dfsg-1ubuntu0.1])
utopic_libxml-libxml-perl: released (2.0116+dfsg-1ubuntu0.14.10.1)
vivid_libxml-libxml-perl: released (2.0116+dfsg-1ubuntu0.15.04.1)
devel_libxml-libxml-perl: DNE