2014-0003

Unsafe parsing of XML documents allows arbitrary file read

Daniel P. Berrange berrange@redhat.com Richard Jones rjones@redhat.com Daniel P. Berrange berrange@redhat.com 20140411 20140506 20140506 libvirt.git master v0.0.5 v0.1.0 v0.1.1 v0.1.3 v0.1.4 v0.1.6 v0.1.7 v0.1.8 v0.1.9 v0.1.10 v0.1.11 v0.2.0 v0.2.1 v0.2.2 v0.2.3 v0.3.0 v0.3.1 v0.3.2 v0.3.3 v0.4.1 v0.4.2 v0.4.4 v0.4.6 v0.5.0 v0.5.1 v0.6.0 v0.6.1 v0.6.2 v0.6.3 v0.6.4 v0.6.5 v0.7.0 v0.7.1 v0.7.2 v0.7.3 v0.7.4 v0.7.5 v0.7.6 v0.7.7 v0.8.0 v0.8.1 v0.8.2 v0.8.3 v0.8.4 v0.8.5 v0.8.6 v0.8.7 v0.8.8 v0.9.0 v0.9.1 v0.9.2 v0.9.3 v0.9.4 v0.9.5 v0.9.6 v0.9.7 v0.9.8 v0.9.9 v0.9.10 v0.9.11 v0.9.12 v0.9.13 v0.10.0 v0.10.1 v0.10.2 v1.0.0 v1.0.1 v1.0.2 v1.0.3 v1.0.4 v1.0.5 v1.0.6 v1.1.0 v1.1.1 v1.1.2 v1.1.3 v1.1.4 v1.2.0 v1.2.1 v1.2.2 v1.2.3 v1.2.4 77e8b6c62c48b6346bbdb2df3e0d925852c6bf3e 387941fb626d9362835aa216b4a871e18268f649 0b7d2ae653f583825f6d83bfb0744673648a9833 ed3bac713c3cfc055ef551cbfe92a061084382c3 v1.2.5 d6b27d3e4c40946efa79e91d134616b41b1666c4 v0.8.3-maint 77e8b6c62c48b6346bbdb2df3e0d925852c6bf3e 387941fb626d9362835aa216b4a871e18268f649 0b7d2ae653f583825f6d83bfb0744673648a9833 ed3bac713c3cfc055ef551cbfe92a061084382c3 v0.9.6-maint v0.9.6.1 v0.9.6.2 v0.9.6.3 v0.9.6.4 77e8b6c62c48b6346bbdb2df3e0d925852c6bf3e 387941fb626d9362835aa216b4a871e18268f649 0b7d2ae653f583825f6d83bfb0744673648a9833 ed3bac713c3cfc055ef551cbfe92a061084382c3 be7a5de9d0c406f36efae3230e1743c613ad6945 v0.9.11-maint v0.9.11.1 v0.9.11.2 v0.9.11.3 v0.9.11.4 v0.9.11.5 v0.9.11.6 v0.9.11.7 v0.9.11.8 v0.9.11.9 v0.9.11.10 77e8b6c62c48b6346bbdb2df3e0d925852c6bf3e 387941fb626d9362835aa216b4a871e18268f649 0b7d2ae653f583825f6d83bfb0744673648a9833 ed3bac713c3cfc055ef551cbfe92a061084382c3 v0.9.12-maint v0.9.12.1 v0.9.12.2 v0.9.12.3 77e8b6c62c48b6346bbdb2df3e0d925852c6bf3e 387941fb626d9362835aa216b4a871e18268f649 0b7d2ae653f583825f6d83bfb0744673648a9833 ed3bac713c3cfc055ef551cbfe92a061084382c3 022b34cee73f86b01724b5279cf626df9cca245f v0.10.2-maint v0.10.2.1 v0.10.2.2 v0.10.2.3 v0.10.2.4 v0.10.2.5 v0.10.2.6 v0.10.2.7 v0.10.2.8 77e8b6c62c48b6346bbdb2df3e0d925852c6bf3e 387941fb626d9362835aa216b4a871e18268f649 0b7d2ae653f583825f6d83bfb0744673648a9833 ed3bac713c3cfc055ef551cbfe92a061084382c3 16d55b311ad5c3c2e61494b848b1c6ee36897476 v1.0.0-maint 77e8b6c62c48b6346bbdb2df3e0d925852c6bf3e 387941fb626d9362835aa216b4a871e18268f649 0b7d2ae653f583825f6d83bfb0744673648a9833 ed3bac713c3cfc055ef551cbfe92a061084382c3 v1.0.1-maint 77e8b6c62c48b6346bbdb2df3e0d925852c6bf3e 387941fb626d9362835aa216b4a871e18268f649 0b7d2ae653f583825f6d83bfb0744673648a9833 ed3bac713c3cfc055ef551cbfe92a061084382c3 v1.0.2-maint 77e8b6c62c48b6346bbdb2df3e0d925852c6bf3e 387941fb626d9362835aa216b4a871e18268f649 0b7d2ae653f583825f6d83bfb0744673648a9833 ed3bac713c3cfc055ef551cbfe92a061084382c3 66de726e2175333bc9e0153f9ffc5f2025b199de v1.0.3-maint 77e8b6c62c48b6346bbdb2df3e0d925852c6bf3e 387941fb626d9362835aa216b4a871e18268f649 0b7d2ae653f583825f6d83bfb0744673648a9833 ed3bac713c3cfc055ef551cbfe92a061084382c3 16fc426a27d88bbdc96c307c7ef0cce25e8ae717 v1.0.4-maint 77e8b6c62c48b6346bbdb2df3e0d925852c6bf3e 387941fb626d9362835aa216b4a871e18268f649 0b7d2ae653f583825f6d83bfb0744673648a9833 ed3bac713c3cfc055ef551cbfe92a061084382c3 040df62ae7fcbbead96c2f2191651daf35686986 v1.0.5-maint v1.0.5.1 v1.0.5.2 v1.0.5.3 v1.0.5.4 v1.0.5.5 v1.0.5.6 v1.0.5.7 v1.0.5.8 v1.0.5.9 77e8b6c62c48b6346bbdb2df3e0d925852c6bf3e 387941fb626d9362835aa216b4a871e18268f649 0b7d2ae653f583825f6d83bfb0744673648a9833 ed3bac713c3cfc055ef551cbfe92a061084382c3 4410a83e18c1b41f1f5d3f10a0b648fc9304bc35 v1.0.6-maint 77e8b6c62c48b6346bbdb2df3e0d925852c6bf3e 387941fb626d9362835aa216b4a871e18268f649 0b7d2ae653f583825f6d83bfb0744673648a9833 ed3bac713c3cfc055ef551cbfe92a061084382c3 89538f57f4c2401d7c555299f15de17c539981c2 v1.1.0-maint 77e8b6c62c48b6346bbdb2df3e0d925852c6bf3e 387941fb626d9362835aa216b4a871e18268f649 0b7d2ae653f583825f6d83bfb0744673648a9833 ed3bac713c3cfc055ef551cbfe92a061084382c3 6f4eae73a0bf3e1c5e9597e4f9a8078cad69b1e3 v1.1.1-maint 77e8b6c62c48b6346bbdb2df3e0d925852c6bf3e 387941fb626d9362835aa216b4a871e18268f649 0b7d2ae653f583825f6d83bfb0744673648a9833 ed3bac713c3cfc055ef551cbfe92a061084382c3 cfc94140e5989c9f3cce0fdbb758730818cb2572 v1.1.2-maint 77e8b6c62c48b6346bbdb2df3e0d925852c6bf3e 387941fb626d9362835aa216b4a871e18268f649 0b7d2ae653f583825f6d83bfb0744673648a9833 ed3bac713c3cfc055ef551cbfe92a061084382c3 8fd2005cc0594742dc6cfab07a62f9774798a56d v1.1.3-maint v1.1.3.1 v1.1.3.2 v1.1.3.3 v1.1.3.4 v1.1.3.5 77e8b6c62c48b6346bbdb2df3e0d925852c6bf3e 387941fb626d9362835aa216b4a871e18268f649 0b7d2ae653f583825f6d83bfb0744673648a9833 ed3bac713c3cfc055ef551cbfe92a061084382c3 v1.1.3.6 46de45d079ae2622660fe147cf237ee617cc461c v1.1.4-maint 77e8b6c62c48b6346bbdb2df3e0d925852c6bf3e 387941fb626d9362835aa216b4a871e18268f649 0b7d2ae653f583825f6d83bfb0744673648a9833 ed3bac713c3cfc055ef551cbfe92a061084382c3 e2b96d539f8a06e08cdf001627efe3f399db9c07 v1.2.0-maint 77e8b6c62c48b6346bbdb2df3e0d925852c6bf3e 387941fb626d9362835aa216b4a871e18268f649 0b7d2ae653f583825f6d83bfb0744673648a9833 ed3bac713c3cfc055ef551cbfe92a061084382c3 9b1d09377492a4ce92498abb7cf830d693bc661c v1.2.1-maint 77e8b6c62c48b6346bbdb2df3e0d925852c6bf3e 387941fb626d9362835aa216b4a871e18268f649 0b7d2ae653f583825f6d83bfb0744673648a9833 ed3bac713c3cfc055ef551cbfe92a061084382c3 877388678a77bacf802f97de429b2b350b02eb41 v1.2.2-maint 77e8b6c62c48b6346bbdb2df3e0d925852c6bf3e 387941fb626d9362835aa216b4a871e18268f649 0b7d2ae653f583825f6d83bfb0744673648a9833 ed3bac713c3cfc055ef551cbfe92a061084382c3 ab07ebeb22b1d724999dc6eabc33cd6266de496f v1.2.3-maint 77e8b6c62c48b6346bbdb2df3e0d925852c6bf3e 387941fb626d9362835aa216b4a871e18268f649 0b7d2ae653f583825f6d83bfb0744673648a9833 ed3bac713c3cfc055ef551cbfe92a061084382c3 a45368839fb898feb6b634df2bf337697155ea74 v1.2.4-maint 77e8b6c62c48b6346bbdb2df3e0d925852c6bf3e 387941fb626d9362835aa216b4a871e18268f649 0b7d2ae653f583825f6d83bfb0744673648a9833 ed3bac713c3cfc055ef551cbfe92a061084382c3 a8480e2bc0d0b1c5cd98ff7424cace3e82db5ace