in reply to Re: XML DOS vulnerability?
in thread XML DOS vulnerability?

The report indicates vulnerabilities for:

AFAIK, of these, only libexpat is widely used in Perl. If your code makes use of XML::Parser, you probably have the same vulnerability.

The main alternative, XML::LibXML, is based on libxml2, which was not mentioned in the report, so it might be safe.

Re^3: XML DOS vulnerability?
by Chairman Kaga (Acolyte) on Aug 10, 2009 at 19:11 UTC
    The CERT report does cite libxml2 now as well, so this seems to be a very pervasive issue.

    Patches for libxml2 can be found in this Bugzilla ticket against 2.5.10, 2.6.16, and 2.6.26. It does not appear that this fix has been rolled into an official release yet.