Bug 1219561 (CVE-2023-52426) - VUL-0: CVE-2023-52426: expat: recursive XML Entity Expansion if XML_DTD is undefined at compile time.
Summary: VUL-0: CVE-2023-52426: expat: recursive XML Entity Expansion if XML_DTD is un...
Status: IN_PROGRESS
Alias: CVE-2023-52426
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: David Anes
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/392986/
Whiteboard: CVSSv3.1:SUSE:CVE-2023-52426:5.5:(AV:...
Keywords:
Depends on: CVE-2023-52425
Blocks:
  Show dependency treegraph
 
Reported: 2024-02-05 10:24 UTC by SMASH SMASH
Modified: 2024-07-03 12:08 UTC (History)
6 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Comment 1 Andrea Mattiazzo 2024-02-05 10:35:37 UTC 
Tracking as affected:
- SUSE:ALP:Source:Standard:1.0
- SUSE:Carwos:1
- SUSE:SLE-12:Update
- SUSE:SLE-15-SP4:Update
- SUSE:SLE-15:Update
- openSUSE:Factory

- SUSE:SLE-11:Update only on reactive support
Comment 2 David Anes 2024-02-19 18:35:53 UTC 
Factory was already fixed here:
* https://build.opensuse.org/request/show/1146280