Bugzilla – Bug 1212012
VUL-0: CVE-2023-34411: wl-clipboard-rs: xml-rs: denial of service via an invalid <! token (such as <!DOCTYPEs/%<!A nesting) in an XML document.
Last modified: 2023-06-17 07:35:02 UTC
+++ This bug was initially created as a clone of Bug #1211996 +++ CVE-2023-34411 The xml-rs crate before 0.8.14 for Rust and Crab allows a denial of service (panic) via an invalid <! token (such as <!DOCTYPEs/%<!A nesting) in an XML document. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-34411 https://www.cve.org/CVERecord?id=CVE-2023-34411 https://github.com/00xc/xml-rs/commit/0f084d45aa53e4a27476961785f59f2bd7d59a9f https://github.com/netvl/xml-rs/commit/c09549a187e62d39d40467f129e64abf32efc35c https://github.com/netvl/xml-rs/compare/0.8.13...0.8.14 https://github.com/netvl/xml-rs/pull/226
openSUSE:Factory/wl-clipboard-rs embeds a vulnerable version of xml-rs crate.
https://build.opensuse.org/request/show/1091043 SR with updated vendor package
(In reply to Denys Kondratenko from comment #2) > https://build.opensuse.org/request/show/1091043 > > SR with updated vendor package Thanks a lot Denys. Closing
This is an autogenerated message for OBS integration: This bug (1212012) was mentioned in https://build.opensuse.org/request/show/1093567 Factory / wl-clipboard-rs