A flaw was found in libxml2. The binaries xsltproc and xmllint contained in the lib seems to incorrectly parse xml metadata paths when the file is inside directories with spaces in its name leading to a possible user information leak. Upstream bug: https://bugzilla.gnome.org/show_bug.cgi?id=668245 References: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=516916
Created libxml2 tracking bugs for this issue: Affects: fedora-all [bug 1469274] Created mingw-libxml2 tracking bugs for this issue: Affects: epel-7 [bug 1469273] Affects: fedora-all [bug 1469272]