https://bugzilla.redhat.com/show_bug.cgi?id=1216112
Bug ID: 1216112 Summary: perl-XML-LibXML: "expand_entities" option was not preserved under some circumstances Product: Security Response Component: vulnerability Keywords: Security Severity: low Priority: low Assignee: security-response-team@redhat.com Reporter: vkaigoro@redhat.com CC: jplesnik@redhat.com, mmaslano@redhat.com, perl-devel@lists.fedoraproject.org, perl-maint-list@redhat.com, ppisar@redhat.com, psabata@redhat.com
It was reported that perl-XML-LibXML did ignore "expand_entities" option in some circumstances, which could lead to sensitive information disclosure. Original report and CVE request (reprodcuers are also available): http://seclists.org/oss-sec/2015/q2/280