Archives
Archives
| From: | Kent Fredric <kentnl@g.o> | ||
|---|---|---|---|
| To: | gentoo-dev@l.g.o | ||
| Subject: | Re: [gentoo-dev] rsync.gentoo.org rsync modules: ChangeLogs dropped from gentoo-portage | ||
| Date: | Thu, 17 Nov 2016 21:48:58 | ||
| Message-Id: | 20161118104821.5be6d101@katipo2.lan | ||
| In Reply to: | Re: [gentoo-dev] rsync.gentoo.org rsync modules: ChangeLogs dropped from gentoo-portage by "Robin H. Johnson" |
||
| 1 | On Thu, 17 Nov 2016 20:57:26 +0000 |
| 2 | "Robin H. Johnson" <robbat2@g.o> wrote: |
| 3 | |
| 4 | > - eg metadata.xml (nothing for user systems is impacted by it, other |
| 5 | > than to give output about packages). |
| 6 | |
| 7 | Idle thought: Given there are classes of vulnerabilities related to XML |
| 8 | parsing and decoding, any systems that attempt to read this file should |
| 9 | ensure a it "good" before doing so. |
| 10 | |
| 11 | But I don't really know the specifics of XXE vulns, only that I saw a |
| 12 | few in the last few months. |
| Subject | Author |
|---|---|
| Re: [gentoo-dev] rsync.gentoo.org rsync modules: ChangeLogs dropped from gentoo-portage | Rich Freeman <rich0@g.o> |