Jgm

**Name of the Vulnerable Software and Affected Versions** xml-conduit versions prior to 1.9.1.0 **Description** A vulnerability was found in the DOCTYPE Entity Expansion Handler component of xml-conduit, affecting an unknown function of the file xml-conduit/src/Text/XML/Stream/Parse.hs. The manipulation leads to an infinite loop and can be launched remotely. **Recommendations** For versions prior to 1.9.1.0, upgrade to version 1.9.1.0 to address this issue. As a temporary workaround, consider restricting the use of the DOCTYPE Entity Expansion Handler component until the upgrade is applied.

**Name of the Vulnerable Software and Affected Versions** gitit versions prior to 0.15.0.0 **Description** The Export feature in gitit can be exploited to leak information from files. **Recommendations** For versions prior to 0.15.0.0, update to version 0.15.0.0 or later to resolve the issue.