{ "schema_version": "1.7.0", "id": "MGASA-2016-0101", "published": "2016-03-07T19:58:58Z", "modified": "2016-03-07T19:53:40Z", "summary": "Updated exempi exiv2 packages fix security vulnerability", "details": "exempi contains code to protect against a denial-service-attack\nrelated to XML entity expansion (\"billion laughs attack\"), but it was\nnot compiled into the Mageia package because BanAllEntityUsage was not\ndefined when the package was compiled.\n\nThis has been corrected by recompiling it with the BanAllEntityUsage\nmacro defined. The exiv2 package contains a bundled copy of the same\ncode and has also been recompiled with the macro defined.\n", "references": [ { "type": "ADVISORY", "url": "https://advisories.mageia.org/MGASA-2016-0101.html" }, { "type": "REPORT", "url": "https://bugs.mageia.org/show_bug.cgi?id=17877" }, { "type": "WEB", "url": "https://lists.fedoraproject.org/pipermail/package-announce/2016-March/178378.html" } ], "affected": [ { "package": { "ecosystem": "Mageia:5", "name": "exempi", "purl": "pkg:rpm/mageia/exempi?arch=source&distro=mageia-5" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "2.2.2-14.1.mga5" } ] } ], "ecosystem_specific": { "section": "core" } }, { "package": { "ecosystem": "Mageia:5", "name": "exiv2", "purl": "pkg:rpm/mageia/exiv2?arch=source&distro=mageia-5" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "0.24-5.1.mga5" } ] } ], "ecosystem_specific": { "section": "core" } } ], "credits": [ { "name": "Mageia", "type": "COORDINATOR", "contact": [ "https://wiki.mageia.org/en/Packages_Security_Team" ] } ] }