https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=42317 Mason James <mtj@kohaaloha.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |mtj@kohaaloha.com --- Comment #8 from Mason James <mtj@kohaaloha.com> --- (In reply to Marcel de Rooy from comment #6)
(In reply to David Cook from comment #0)
CVE-2014-1626 notes vulnerabilities in MARC::File::XML in versions less than 1.0.2.
Looking at Koha's cpanfile we say that we require at least version 1.0.1, but that should be updated to 1.0.2 or even 1.0.5 since in practice only 1.0.5 is really available via CPAN or Debian repos.
Confirmed bullseye libmarc-xml-perl (1.0.5-1)
thanks Marcel libmarc-xml-perl (1.0.5) is available in all supported debian version https://tracker.debian.org/pkg/libmarc-xml-perl -- You are receiving this mail because: You are watching all bug changes.