From: Kent Fredric <kentnl@g.o>
To: gentoo-dev@l.g.o
Subject: Re: [gentoo-dev] rsync.gentoo.org rsync modules: ChangeLogs dropped from gentoo-portage
Date: Thu, 17 Nov 2016 21:48:58
Message-Id: 20161118104821.5be6d101@katipo2.lan
In Reply to: Re: [gentoo-dev] rsync.gentoo.org rsync modules: ChangeLogs dropped from gentoo-portage by "Robin H. Johnson"

On Thu, 17 Nov 2016 20:57:26 +0000
"Robin H. Johnson" <robbat2@g.o> wrote:

> - eg metadata.xml (nothing for user systems is impacted by it, other
> than to give output about packages).

Idle thought: Given there are classes of vulnerabilities related to XML
parsing and decoding, any systems that attempt to read this file should
ensure it is "good" before doing so.

But I don't really know the specifics of XXE vulns, only that I saw a
few in the last few months.
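
An added example, not part of the message above and not Portage's own code: one way a tool could read metadata.xml without expanding entities, using Python's standard expat bindings. The names `parse_metadata`, `is_acceptable`, `UnsafeMetadata` and the size cap are assumptions made for illustration. The usual `<!DOCTYPE ... SYSTEM ...>` line is tolerated but never fetched, while any `<!ENTITY>` declaration is rejected.

```python
import xml.etree.ElementTree as ET
import xml.parsers.expat as expat


class UnsafeMetadata(ValueError):
    """metadata.xml is malformed or declares entities a reader should not expand."""


def parse_metadata(data: bytes, max_bytes: int = 1 << 20) -> ET.Element:
    """Build an element tree from metadata.xml bytes without expanding entities."""
    if len(data) > max_bytes:  # size cap is an assumed policy, not a Gentoo rule
        raise UnsafeMetadata("file exceeds size limit")

    def forbid_entity_decl(name, is_param, value, base, system_id, public_id, notation):
        raise UnsafeMetadata(f"entity declaration {name!r} is not allowed")

    def forbid_external_ref(context, base, system_id, public_id):
        raise UnsafeMetadata(f"external reference {system_id!r} is not allowed")

    builder = ET.TreeBuilder()
    parser = expat.ParserCreate()
    parser.EntityDeclHandler = forbid_entity_decl          # internal and external <!ENTITY>
    parser.ExternalEntityRefHandler = forbid_external_ref  # never fetch anything
    parser.StartElementHandler = builder.start
    parser.EndElementHandler = builder.end
    parser.CharacterDataHandler = builder.data
    try:
        parser.Parse(data, True)
    except expat.ExpatError as exc:
        raise UnsafeMetadata(f"not well-formed XML: {exc}") from exc
    return builder.close()


def is_acceptable(data: bytes) -> bool:
    """True when the bytes parse cleanly and declare no entities."""
    try:
        parse_metadata(data)
        return True
    except UnsafeMetadata:
        return False


# Constructed samples (not taken from the Gentoo tree).
GOOD = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata><maintainer><email>dev@example.org</email></maintainer></pkgmetadata>"""
WITH_ENTITY = b"""<!DOCTYPE pkgmetadata [<!ENTITY a "expanded">]>
<pkgmetadata><longdescription>&a;</longdescription></pkgmetadata>"""

if __name__ == "__main__":
    print(is_acceptable(GOOD), is_acceptable(WITH_ENTITY))
```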