CVE-2012-2921
Published: 21 May 2012
Universal Feed Parser (aka feedparser or python-feedparser) before 5.1.2 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML ENTITY declaration in a non-ASCII encoded document.
Priority
Status
Package | Release | Status |
---|---|---|
feedparser (Launchpad, Ubuntu, Debian) | hardy | Ignored (end of life) |
 | lucid | Ignored (end of life) |
 | natty | Ignored (end of life) |
 | oneiric | Ignored (end of life) |
 | precise | Released (5.1-0ubuntu3.1) |
 | quantal | Released (5.1-0ubuntu4) |
 | raring | Released (5.1-0ubuntu4) |
 | saucy | Released (5.1-0ubuntu4) |
 | upstream | Released (5.1.2) |

Patches: upstream: https://code.google.com/p/feedparser/source/detail?r=703&path=/trunk/feedparser/feedparser.py
References
- https://code.google.com/p/feedparser/source/detail?r=703&path=/trunk/feedparser/feedparser.py
- https://code.google.com/p/feedparser/source/browse/trunk/NEWS?spec=svn706&r=706
- http://osvdb.org/81701
- http://freecode.com/projects/feedparser/releases/344371
- https://ubuntu.com/security/notices/USN-1449-1
- https://www.cve.org/CVERecord?id=CVE-2012-2921
- NVD
- Launchpad
- Debian