Bug 888769 - exiv2: embedded copy of exempi should be compiled with BanAllEntityUsage
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: exiv2
Version: 24
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
Assignee: Rex Dieter
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On: 888768
Blocks: 888729
Reported: 2012-12-19 13:04 UTC by Florian Weimer
Modified: 2018-04-11 11:20 UTC

Fixed In Version: exiv2-0.24-5.fc22
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-03-06 23:18:13 UTC
Type: Bug
Embargoed:



Description Florian Weimer 2012-12-19 13:04:23 UTC
See bug 888765:

exempi contains code to protect against a denial-of-service attack related to XML entity expansion ("billion laughs attack"), but it is not compiled into the Fedora package because BanAllEntityUsage is not defined when the package is compiled.
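
An added illustration of the kind of guard the description refers to, written against Python's standard-library expat binding. It is not part of the original report and is not exempi's or exiv2's code. The `ban_all_entity_usage` parameter is a hypothetical runtime stand-in for a compile-time switch such as BanAllEntityUsage, and both sample documents are constructed.

```python
from xml.parsers import expat


class EntityUsageBanned(ValueError):
    """The document contains a DOCTYPE or entity declaration."""


def parse_text(xml_bytes, ban_all_entity_usage=True):
    """Return the character data of xml_bytes.

    ban_all_entity_usage is a hypothetical runtime stand-in for a
    compile-time switch such as BanAllEntityUsage.
    """
    parser = expat.ParserCreate()
    chunks = []
    parser.CharacterDataHandler = chunks.append

    if ban_all_entity_usage:
        # Refuse the document as soon as a declaration is seen, before any
        # entity reference in the content can be expanded.
        def reject_doctype(name, sysid, pubid, has_internal_subset):
            raise EntityUsageBanned("DOCTYPE declaration: %s" % name)

        def reject_entity(name, is_param, value, base, sysid, pubid, notation):
            raise EntityUsageBanned("entity declaration: %s" % name)

        parser.StartDoctypeDeclHandler = reject_doctype
        parser.EntityDeclHandler = reject_entity

    parser.Parse(xml_bytes, True)
    return "".join(chunks)


def is_rejected(xml_bytes):
    """True if the guarded parser refuses the document."""
    try:
        parse_text(xml_bytes)
    except EntityUsageBanned:
        return True
    return False


# Constructed sample inputs: one plain packet, one declaring a single entity.
PLAIN = b'<x:xmpmeta xmlns:x="adobe:ns:meta/">title</x:xmpmeta>'
WITH_ENTITY = b'<!DOCTYPE d [<!ENTITY e "expanded">]><d>&e;</d>'
```

With the guard switched off, the parser accepts the declaration and expands the reference, which is the behaviour a build without the define is left with.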

Comment 1 Jan Kurik 2015-12-22 11:30:28 UTC
This bug is currently assigned to an unsupported release. If you think this bug is still valid and should remain open, please re-assign it to a supported release (F22, F23) or to rawhide.

Bugs which will be assigned to an unsupported release are going to be closed as EOL (End Of Life) on January 26th, 2016.

Comment 2 Rex Dieter 2016-02-22 14:24:59 UTC
Added to Fedora packaging now, and asking upstream for feedback:

http://dev.exiv2.org/boards/3/topics/2366

Comment 3 Jan Kurik 2016-02-24 13:12:00 UTC
This bug appears to have been reported against 'rawhide' during the Fedora 24 development cycle.
Changing version to '24'.

More information and reason for this action is here:
https://fedoraproject.org/wiki/Fedora_Program_Management/HouseKeeping/Fedora24#Rawhide_Rebase

Comment 4 Fedora Update System 2016-02-29 16:06:52 UTC
exiv2-0.25-3.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2016-f802cade15

Comment 5 Fedora Update System 2016-02-29 16:07:34 UTC
exiv2-0.24-5.fc22 has been submitted as an update to Fedora 22. https://bodhi.fedoraproject.org/updates/FEDORA-2016-ff39572e31

Comment 6 Fedora Update System 2016-02-29 23:49:56 UTC
exiv2-0.24-5.fc22 has been pushed to the Fedora 22 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-ff39572e31

Comment 7 Fedora Update System 2016-02-29 23:52:10 UTC
exiv2-0.25-3.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-f802cade15

Comment 8 Fedora Update System 2016-03-03 20:23:52 UTC
exiv2-0.25-3.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.

Comment 9 Fedora Update System 2016-03-06 23:18:08 UTC
exiv2-0.24-5.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.

