Debian Linux Security Advisory 2978-2 - It was discovered that the update released for libxml2 in DSA 2978 fixing CVE-2014-0191 was incomplete. This caused libxml2 to still fetch external entities regardless of whether entity substitution or validation is enabled.
75ca24bacda68087f871e1aa68638a3e79c95dcff8d9fdea640df8af5b8a3b46