xplist: Fix limited but possible XXE security vulnerability with XML plists

By using a specifically crafted XML file an attacker could use plistutil
to issue a GET request to an arbitrary URL or disclose a local file.
The crafted XML file would be using a custom DTD with an external entity
reference pointing to the file. Practical abuse is limited but let's still
fix it nevertheless. Related to CVE-2013-0339 for libxml2 and CWE-827.
Reported by Loïc Bénis from calypt.com. Thanks!

0 files changed, 0 insertions, 0 deletions