Red Hat Bugzilla – Bug 149931
CAN-2005-0588 XSLT can include stylesheets from arbitrary hosts
Last modified: 2007-11-30 17:07:16 EST
xsl:include and xsl:import can include XSLT stylesheets from arbitrary domains
including those behind the user's firewall. This at least allows for existence
checking of these files; it's not clear how much, if any, data could be
extracted from arbitrary XML files.
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.