Security Advisories (1)

CVE-2014-5260 (2014-08-16)

The (1) mkxmltype and (2) mkdtskel scripts in XML-DT before 0.64 allow local users to overwrite arbitrary files via a symlink attack on a /tmp/_xml_##### temporary file.

http://openwall.com/lists/oss-security/2014/08/15/8
https://metacpan.org/diff/file?target=AMBS/XML-DT-0.64/&source=AMBS/XML-DT-0.63/
https://metacpan.org/source/AMBS/XML-DT-0.66/Changes
https://bugs.debian.org/756566

NAME

mkxmltype - Make XML analysis using XML::DT

SYNOPSIS

mkxmltype <xmlfile>

DESCRIPTION

This command tries to infer DTD and Camlila-like types for a specific XML file;

Options

-latin1             input file encoding is forced to be latin1
-html               uses html (libxml2) parser
-show_att           Show attribute values
-expand_att_id
-lines=20000        just reads the first 20000 lines of the XML file
-t
-shell              Enter interactive shell mode

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	Go to GitHub issues (only if GitHub is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

	Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)

NAME

SYNOPSIS

DESCRIPTION

Options

SEE ALSO

Module Install Instructions