It was reported that perl-XML-LibXML did ignore "expand_entities" option in some circumstances, which could lead to sensitive information disclosure. Original report and CVE request (reprodcuers are also available): http://seclists.org/oss-sec/2015/q2/280
Created perl-XML-LibXML tracking bugs for this issue: Affects: fedora-all [bug 1216114]
perl-XML-LibXML-2.0119-1.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.
Mitigations: This issue only affects programs using this program in forms such as: $parser = XML::LibXML->new or $XML_DOC = $parser->load_xml if you use the form: $XML_DOC = XML::LibXML->load_xml this vulnerability will not be exposed.
Statement: This issue affects the versions of perl-XML-LibXML as shipped with Red Hat Enterprise Linux 5, 6 and 7. Red Hat Product Security has rated this issue as having Low security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.