libxml2’s DTD support has been a source of numerous security vulnerabilities. librepo should ensure that it is completely disabled, meaning that a DTD (irrespective of its content) will result in a parse error. If this is not possible, librepo should check the start of the XML to ensure that no DTD can be present.
libxml2’s DTD support has been a source of numerous security vulnerabilities. librepo should ensure that it is completely disabled, meaning that a DTD (irrespective of its content) will result in a parse error. If this is not possible, librepo should check the start of the XML to ensure that no DTD can be present.