[xml/sgml-pkgs] Bug#496125: More potentially affected packages

Florian Weimer fw at deneb.enyo.de
Mon Aug 25 18:54:40 UTC 2008

[also posted to oss-security.]

It's unclear if struct xmlEntity (especially its external allocation) is
part of the public API or not.

liferea 1.4.16b has this:

  src/xml.c:                    entity = (xmlEntityPtr)g_new0 (xmlEntity, 1);

PHP 5.2.6 has this:

  ext/dom/dom_iterators.c:61:      ret = (xmlEntityPtr) xmlMalloc(sizeof(xmlEntity));
  ext/dom/dom_iterators.c:62:      memset(ret, 0, sizeof(xmlEntity));

QT 4.4.0 has this (with an instructive comment in front of it):

  src/3rdparty/webkit/WebCore/dom/XMLTokenizer.cpp:static xmlEntity sharedXHTMLEntity = {

(This is not the result of an exhaustive search.)

More information about the debian-xml-sgml-pkgs mailing list