At 10:32 AM 1/21/2014 -0800, Galen Charlton wrote:
Hi,
I have uploaded [1] version 1.0.2 of MARC::File::XML, a Perl module which is used by Koha. This is a security release that repairs an XML external entity (XXE) vulnerability. [snip]
Hi Galen - I've been keeping an eye open for this release for Ubuntu 12.04 LTS. After an 'update' I felt fairly comfortable as it showed 1.0.2, but digging deeper, I find: me@hardy:/$ sudo apt-cache show libmarc-xml-perl Package: libmarc-xml-perl Version: 1.0.2-1koha1 Architecture: all Maintainer: Robin Sheat <robin@catalyst.net.nz> [snip] Package: libmarc-xml-perl Priority: optional Section: universe/perl Installed-Size: 108 Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com> Original-Maintainer: Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org> Architecture: all Version: 0.92-1 [snip] Could you please advise on 1.0.2 versus 0.92-1 -- the devil is always in the details. btw, it updated the sandbox seamlessly; as soon as I can find a cataloguer to "give it a whirl", I'll do the production box -- unless you can point me to any particular detail that would verify full functionality. Many thanks and best regards -- Paul