[xml/sgml-pkgs] Bug#496125: More potentially affected packages
Florian Weimer
fw at deneb.enyo.de
Mon Aug 25 18:54:40 UTC 2008
[also posted to oss-security.]
It's unclear if struct xmlEntity (especially its external allocation) is
part of the public API or not.
liferea 1.4.16b has this:
src/xml.c: entity = (xmlEntityPtr)g_new0 (xmlEntity, 1);
PHP 5.2.6 has this:
ext/dom/dom_iterators.c:61: ret = (xmlEntityPtr) xmlMalloc(sizeof(xmlEntity));
ext/dom/dom_iterators.c:62: memset(ret, 0, sizeof(xmlEntity));
QT 4.4.0 has this (with an instructive comment in front of it):
src/3rdparty/webkit/WebCore/dom/XMLTokenizer.cpp:static xmlEntity sharedXHTMLEntity = {
(This is not the result of an exhaustive search.)
More information about the debian-xml-sgml-pkgs
mailing list