[Pkg-tcltk-devel] Bug#560950: CVE-2009-3560: Revised patch

Daniel Leidert daniel.leidert at wgdd.de
Mon Jan 4 07:40:26 UTC 2010


Hi,

After fixing CVE-2009-3560 in the expat package [1], I was informed that
it broke parsing [2] in some documents. After talking to upstream [3],
the fix for CVE-2009-3560 has been adjusted [4][5].

[1] http://bugs.debian.org/560901
[2] http://bugs.debian.org/561658
[3] http://mail.libexpat.org/pipermail/expat-discuss/2009-December/002644.html
[4] http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?r1=1.164&r2=1.166
[5] http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?view=log#rev1.166

Please note that I just copied the bug addresses from the mass bug
filing. I did not check if you already fixed the issue or if this
information applies to you.

Regards, Daniel