[Koha] SECURITY release: MARC::File::XML 1.0.2
Paul A
paul.a at navalmarinearchive.com
Thu Jan 23 12:15:27 NZDT 2014
At 10:32 AM 1/21/2014 -0800, Galen Charlton wrote:
>Hi,
>
>I have uploaded [1] version 1.0.2 of MARC::File::XML, a Perl module
>which is used by Koha. This is a security release that repairs an XML
>external entity (XXE) vulnerability. [snip]
Hi Galen - I've been keeping an eye open for this release for Ubuntu 12.04
LTS. After an 'update' I felt fairly comfortable as it showed 1.0.2, but
digging deeper, I find:
me at hardy:/$ sudo apt-cache show libmarc-xml-perl
Package: libmarc-xml-perl
Version: 1.0.2-1koha1
Architecture: all
Maintainer: Robin Sheat <robin at catalyst.net.nz>
[snip]
Package: libmarc-xml-perl
Priority: optional
Section: universe/perl
Installed-Size: 108
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Original-Maintainer: Debian Perl Group
<pkg-perl-maintainers at lists.alioth.debian.org>
Architecture: all
Version: 0.92-1
[snip]
Could you please advise on 1.0.2 versus 0.92-1 -- the devil is always in
the details.
btw, it updated the sandbox seamlessly; as soon as I can find a cataloguer
to "give it a whirl", I'll do the production box -- unless you can point me
to any particular detail that would verify full functionality.
Many thanks and best regards -- Paul
More information about the Koha
mailing list