[Pkg-tcltk-devel] Bug#601049: xotcl uses a vulnerable embedded version of the expat library
Silvio Cesare
silvio.cesare at gmail.com
Sat Oct 23 00:41:11 UTC 2010
Package: xotcl
Version: 1.6.1-1
Severity: important
Tags: security
Xotcl uses an embedded and vulnerable version of the expat library for XML
parsing. At a minimum,
http://security-tracker.debian.org/tracker/CVE-2009-3720 is present, judging
from a quick review of the relevant source. I have not investigated the
impact of this vulnerability or how it would be triggered. I imagine the
impact is quite low because the outstanding vulnerabilities in expat are
denial of service. The desired outcome is that xotcl dynamically link
against the system expat library instead of linking in the embedded copy.
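
An added example, not part of the original report or of xotcl: a small scanner that walks an unpacked source tree and flags directories holding expat's core source files, which is how an embedded copy like the one reported here can be located before checking it against the security tracker. The directory layout is constructed sample data; the file names and the `XML_*_VERSION` macros are those of upstream expat, and a copy without `expat.h` is reported with no version.

```python
import os
import re
import tempfile

# Core expat source file names; a copy may sit in one directory or be split.
EXPAT_SOURCES = {"xmlparse.c", "xmltok.c", "xmlrole.c"}
VERSION_RE = re.compile(r"#\s*define\s+XML_(MAJOR|MINOR|MICRO)_VERSION\s+(\d+)")

def expat_version(header_path):
    """Return 'X.Y.Z' from the version macros in expat.h, or None."""
    with open(header_path, encoding="latin-1") as fh:
        found = dict(VERSION_RE.findall(fh.read()))
    if set(found) == {"MAJOR", "MINOR", "MICRO"}:
        return "{MAJOR}.{MINOR}.{MICRO}".format(**found)
    return None

def find_embedded_expat(tree):
    """List (relative_dir, matched_files, version) per directory with expat sources."""
    hits = []
    for dirpath, _dirs, files in os.walk(tree):
        matched = sorted(EXPAT_SOURCES & set(files))
        if not matched:
            continue
        version = None
        if "expat.h" in files:
            version = expat_version(os.path.join(dirpath, "expat.h"))
        hits.append((os.path.relpath(dirpath, tree), matched, version))
    return sorted(hits, key=lambda h: h[0])

def build_sample_tree(root):
    """Write a constructed source layout (not xotcl's real tree) for the demo."""
    layout = {
        "generic/main.c": "int main(void) { return 0; }\n",
        "vendor/expat/xmlparse.c": "/* stub */\n",
        "vendor/expat/xmltok.c": "/* stub */\n",
        "vendor/expat/expat.h": "#define XML_MAJOR_VERSION 2\n"
                                "#define XML_MINOR_VERSION 0\n"
                                "#define XML_MICRO_VERSION 1\n",
        "old/xmltok/xmltok.c": "/* stub */\n",
    }
    for rel, text in layout.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(text)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        for rel, files, version in find_embedded_expat(root):
            print(rel, files, version or "version unknown")
```

A hit only shows that expat sources ship in the tree; whether the build actually compiles them in, rather than linking the system library, still has to be confirmed from the build files.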