Date: Mon, 30 May 2011 23:36:05 GMT From: Steve Wills <swills@FreeBSD.org> To: freebsd-gnats-submit@FreeBSD.org Subject: misc/157446: base expat needs minor fixes from vendor cvs Message-ID: <201105302336.p4UNa5Yc056009@red.freebsd.org> Resent-Message-ID: <201105302340.p4UNe9g0041408@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 157446 >Category: misc >Synopsis: base expat needs minor fixes from vendor cvs >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Mon May 30 23:40:09 UTC 2011 >Closed-Date: >Last-Modified: >Originator: Steve Wills >Release: >Organization: >Environment: >Description: While looking into PR ports/150968 I discovered some minor bugs in the base expat that also are not patched. In particular, there's a better fix for CVE-2009-3560. See: http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?view=log In particular rev 1.166 and there's another issue which was reported here: http://mail.libexpat.org/pipermail/expat-bugs/2010-February/002870.html which was fixed in 1.167. This patch might do the trick: http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?r1=1.164&r2=1.167&view=patch >How-To-Repeat: >Fix: >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201105302336.p4UNa5Yc056009>