[xml/sgml-pkgs] Bug#776869: libxml2: Bug with DTD parsing

Thomas SOETE thomas.soete at ovh.net
Mon Feb 2 15:58:36 UTC 2015 

Package: libxml2
Version: 2.8.0+dfsg1-7+wheezy2
Severity: important

Dear Maintainer,

We found a case where DTD are not correctly handled in some XML files.
Please find in attachment bug.xml and bug.dtd which reproduces the bug:

Result : 
$ xmllint --format --noent --loaddtd bug.xml
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE page SYSTEM "./bug.dtd">
<xml>
  <a b="www.example.org"/>
  <c/>
</xml>

Here, rootDomain is replaces by an empty string instead of "www.example.org".
If both "a" and "c" are reversed, like in good.xml:

$ xmllint --format --noent --loaddtd good.xml
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE page SYSTEM "./bug.dtd">
<xml>
  <c>www.example.org</c>
  <a b="www.example.org"/>
</xml>

rootDomain is well replaced.

-- System Information:
Debian Release: 7.8
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.10.9-xxxx-grs-ipv6-64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages libxml2 depends on:
ii  libc6              2.13-38+deb7u7
ii  liblzma5           5.1.1alpha+20120614-2
ii  multiarch-support  2.13-38+deb7u7
ii  zlib1g             1:1.2.7.dfsg-13

Versions of packages libxml2 recommends:
ii  xml-core  0.13+nmu2

libxml2 suggests no packages.

-- no debconf information
-------------- next part --------------
<!ENTITY rootDomain            "www.example.org">
<!ENTITY cgiDomain             "&rootDomain;">
-------------- next part --------------
A non-text attachment was scrubbed...
Name: bug.xml
Type: application/xml
Size: 149 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/debian-xml-sgml-pkgs/attachments/20150202/6abcf30f/attachment.xml>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: good.xml
Type: application/xml
Size: 149 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/debian-xml-sgml-pkgs/attachments/20150202/6abcf30f/attachment-0001.xml>

More information about the debian-xml-sgml-pkgs mailing list