[xml/sgml-commit] r1661 - in /packages/expat/branches/lenny/debian: changelog patches/560901_CVE_2009_3560.dpatch
dleidert-guest at users.alioth.debian.org
Tue Dec 29 21:29:51 UTC 2009
Author: dleidert-guest
Date: Tue Dec 29 21:29:51 2009
New Revision: 1661
URL: http://svn.debian.org/wsvn/debian-xml-sgml/?sc=1&rev=1661
Log:
* debian/patches/560901_CVE_2009_3560.dpatch: Adjusted.
- lib/xmlparse.c (doProlog): Revised patch for CVE-2009-3560 after
regressions have been detected (closes: #561658, #562381). Many thanks
to Niko Tyni and Karl Waclawek for their help and the fix.
Modified:
packages/expat/branches/lenny/debian/changelog
packages/expat/branches/lenny/debian/patches/560901_CVE_2009_3560.dpatch
Modified: packages/expat/branches/lenny/debian/changelog
URL: http://svn.debian.org/wsvn/debian-xml-sgml/packages/expat/branches/lenny/debian/changelog?rev=1661&op=diff
==============================================================================
--- packages/expat/branches/lenny/debian/changelog (original)
+++ packages/expat/branches/lenny/debian/changelog Tue Dec 29 21:29:51 2009
@@ -1,3 +1,13 @@
+expat (2.0.1-4+lenny3) UNRELEASED; urgency=low
+
+ * Upload to stable to fix regressions in last security fix.
+ * debian/patches/560901_CVE_2009_3560.dpatch: Adjusted.
+ - lib/xmlparse.c (doProlog): Revised patch for CVE-2009-3560 after
+ regressions have been detected (closes: #561658, #562381). Many thanks
+ to Niko Tyni and Karl Waclawek for their help and the fix.
+
+ -- Daniel Leidert (dale) <daniel.leidert at wgdd.de> Tue, 29 Dec 2009 22:26:49 +0100
+
expat (2.0.1-4+lenny2) stable-security; urgency=medium
* Upload to stable to fix security issues.
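Review bot: The header line of the new entry says UNRELEASED with urgency=low, but its first bullet describes an upload to stable that fixes regressions in the last security fix, and the entry directly below it went to stable-security at urgency=medium. Set the distribution to the real target before upload and confirm that the lower urgency is intended. The doProlog bullet also says only that the patch was revised; a short clause naming what regressed (the behaviour reported in #561658 and #562381) would let a reader of the changelog judge whether they are affected without opening the bug reports.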
Modified: packages/expat/branches/lenny/debian/patches/560901_CVE_2009_3560.dpatch
URL: http://svn.debian.org/wsvn/debian-xml-sgml/packages/expat/branches/lenny/debian/patches/560901_CVE_2009_3560.dpatch?rev=1661&op=diff
==============================================================================
--- packages/expat/branches/lenny/debian/patches/560901_CVE_2009_3560.dpatch (original)
+++ packages/expat/branches/lenny/debian/patches/560901_CVE_2009_3560.dpatch Tue Dec 29 21:29:51 2009
@@ -9,20 +9,26 @@
## DP: to the doProlog function in lib/xmlparse.c, a different vulnerability
## DP: than CVE-2009-2625 and CVE-2009-3720.
## DP:
+## DP: This is the revised patch.
+## DP:
## DP: <URL:http://bugs.debian.org/560901>
+## DP: <URL:http://bugs.debian.org/561658>
## DP: <URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3560>
-## DP: <URL:http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?r1=1.164&r2=1.165>
+## DP: <URL:http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?r1=1.164&r2=1.166>
+## DP: <URL:http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?view=log#rev1.166>
## DP: <URL:http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?view=log#rev1.165>
@DPATCH@
-diff -urNad lenny~/lib/xmlparse.c lenny/lib/xmlparse.c
---- lenny~/lib/xmlparse.c 2007-05-08 04:25:35.000000000 +0200
-+++ lenny/lib/xmlparse.c 2009-12-13 11:39:18.671629559 +0100
-@@ -3725,7 +3725,6 @@
- return XML_ERROR_NO_ELEMENTS;
- default:
- tok = -tok;
-- next = end;
- break;
- }
- }
+diff -urNad trunk~/lib/xmlparse.c trunk/lib/xmlparse.c
+--- trunk~/lib/xmlparse.c 2007-05-08 04:25:35.000000000 +0200
++++ trunk/lib/xmlparse.c 2009-12-29 21:57:22.141732904 +0100
+@@ -3703,6 +3703,9 @@
+ return XML_ERROR_UNCLOSED_TOKEN;
+ case XML_TOK_PARTIAL_CHAR:
+ return XML_ERROR_PARTIAL_CHAR;
++ case -XML_TOK_PROLOG_S:
++ tok = -tok;
++ break;
+ case XML_TOK_NONE:
+ #ifdef XML_DTD
+ /* for internal PE NOT referenced between declarations */
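Review bot: The DP header now says only "This is the revised patch." and does not record how the approach changed: the previous version removed `next = end;` from the `default:` branch in the hunk at @@ -3725, while this version leaves that branch alone and adds `case -XML_TOK_PROLOG_S:` in the hunk at @@ -3703, negating `tok` without setting `next`. Please describe that in the header together with the regression it avoids, so the reason -XML_TOK_PROLOG_S is handled separately from the other negative tokens is not lost the next time this patch is refreshed. The header also adds the URL for bug 561658 but not for 562381, which the changelog entry closes as well. Finally, the embedded diff is now taken against trunk~/ and trunk/ rather than lenny~/ and lenny/ even though this file lives on the lenny branch; it is worth confirming that it applies to the lenny source without offsets.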