[xml/sgml-commit] r1591 - in /packages/expat/trunk/debian: changelog patches/00list patches/551936_CVE_2009_2625.dpatch
dleidert-guest at users.alioth.debian.org
Thu Oct 22 19:52:59 UTC 2009
Author: dleidert-guest
Date: Thu Oct 22 19:52:59 2009
New Revision: 1591
URL: http://svn.debian.org/wsvn/debian-xml-sgml/?sc=1&rev=1591
Log:
* debian/patches/551936_CVE_2009_2625.dpatch: Added.
- lib/xmltok_impl.c (updatePosition): Fix DoS vulnerability CVE-2009-2625
(closes: #551936).
* debian/patches/00list: Adjusted.
Added:
packages/expat/trunk/debian/patches/551936_CVE_2009_2625.dpatch (with props)
Modified:
packages/expat/trunk/debian/changelog
packages/expat/trunk/debian/patches/00list
Modified: packages/expat/trunk/debian/changelog
URL: http://svn.debian.org/wsvn/debian-xml-sgml/packages/expat/trunk/debian/changelog?rev=1591&op=diff
==============================================================================
--- packages/expat/trunk/debian/changelog (original)
+++ packages/expat/trunk/debian/changelog Thu Oct 22 19:52:59 2009
@@ -1,6 +1,10 @@
expat (2.0.1-5) UNRELEASED; urgency=low
* NOT RELEASED YET
+ * debian/patches/551936_CVE_2009_2625.dpatch: Added.
+ - lib/xmltok_impl.c (updatePosition): Fix DoS vulnerability CVE-2009-2625
+ (closes: #551936).
+ * debian/patches/00list: Adjusted.
-- Daniel Leidert (dale) <daniel.leidert at wgdd.de> Mon, 09 Jun 2008 21:12:14 +0200
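Review bot: The new entry sits under `expat (2.0.1-5) UNRELEASED; urgency=low` although it fixes a CVE-tracked denial of service; consider raising the urgency before upload. The trailer line also still carries the date Mon, 09 Jun 2008 and should be refreshed when the version is released.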
Modified: packages/expat/trunk/debian/patches/00list
URL: http://svn.debian.org/wsvn/debian-xml-sgml/packages/expat/trunk/debian/patches/00list?rev=1591&op=diff
==============================================================================
--- packages/expat/trunk/debian/patches/00list (original)
+++ packages/expat/trunk/debian/patches/00list Thu Oct 22 19:52:59 2009
@@ -3,3 +3,4 @@
302191_install_expat_config_h
412786_xmlwf_man_standard_fix
485129_fix_underquotation_in_m4
+551936_CVE_2009_2625
Added: packages/expat/trunk/debian/patches/551936_CVE_2009_2625.dpatch
URL: http://svn.debian.org/wsvn/debian-xml-sgml/packages/expat/trunk/debian/patches/551936_CVE_2009_2625.dpatch?rev=1591&op=file
==============================================================================
--- packages/expat/trunk/debian/patches/551936_CVE_2009_2625.dpatch (added)
+++ packages/expat/trunk/debian/patches/551936_CVE_2009_2625.dpatch Thu Oct 22 19:52:59 2009
@@ -1,0 +1,24 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 551936_CVE_2009_2625.dpatch by Daniel Leidert (dale) <daniel.leidert at wgdd.de>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: A vulnarability allows remote attackers to cause a denial of service
+## DP: infinite loop and application hang) via malformed XML input.
+## DP:
+## DP: <URL:http://bugs.debian.org/551936>
+## DP: <URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2625>
+## DP: <URL:http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmltok_impl.c?r1=1.15&r2=1.13>
+
+ at DPATCH@
+diff -urNad trunk~/lib/xmltok_impl.c trunk/lib/xmltok_impl.c
+--- trunk~/lib/xmltok_impl.c 2006-11-26 18:34:46.000000000 +0100
++++ trunk/lib/xmltok_impl.c 2009-10-22 21:42:41.000000000 +0200
+@@ -1744,7 +1744,7 @@
+ const char *end,
+ POSITION *pos)
+ {
+- while (ptr != end) {
++ while (ptr < end) {
+ switch (BYTE_TYPE(enc, ptr)) {
+ #define LEAD_CASE(n) \
+ case BT_LEAD ## n: \
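Review bot: In updatePosition, changing the guard to `while (ptr < end)` makes the loop terminate once ptr has stepped past end, but the DP header never says how ptr can get past end in the first place. A sentence on that, and on whether the position computed from an overshooting final step is acceptable, would help anyone auditing this later. The description also has a typo ("vulnarability") and an unmatched closing parenthesis in "infinite loop and application hang)", which presumably should open before "infinite loop". The upstream link compares r1=1.15 with r2=1.13, so it is worth confirming that this one-line change is the whole delta between those revisions.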
Propchange: packages/expat/trunk/debian/patches/551936_CVE_2009_2625.dpatch
------------------------------------------------------------------------------
svn:executable = *