Bug#1064762: Bug is actually in expat xml-parser

Markus Blatt markus at dr-blatt.de
Wed Mar 20 13:27:24 GMT 2024


Hi,

One of the DUNE developers has some more insight on this:
https://gitlab.dune-project.org/core/dune-grid/-/issues/184#note_135809

This looks like being the same problem that I noted for Paraview on
ubuntu. It seems that a bugfix in the xml-parser `expat` broke parsing
binary data. Debian sid contains expat 2.6.2 where this is
fixed. Ubuntu 23.10 has recently backported a fix to 2.5.0 which broke
reading appended data in paraview for me. So the issue reported here
may now also effect Ubuntu 23.10. 

* Bug report for Ubuntu: https://bugs.launchpad.net/ubuntu/+source/expat/+bug/2058415
* Related discussion for arch: https://discourse.paraview.org/t/i-cannot-read-a-vtp-file-i-could-open-yesterday-can-someone-try-to-open-it/13938
* In the debian security tracker for expat one can the the CVEs that
* have been fixed in sid but (so far) not in stable and testing. In
* Ubuntu the patches for these CVEs have been backported already:
* https://security-tracker.debian.org/tracker/source-package/expat 

Best,

Markus



More information about the debian-science-maintainers mailing list