[xml/sgml-commit] r1591 - in /packages/expat/trunk/debian: changelog patches/00list patches/551936_CVE_2009_2625.dpatch

dleidert-guest at users.alioth.debian.org dleidert-guest at users.alioth.debian.org
Thu Oct 22 19:52:59 UTC 2009


Author: dleidert-guest
Date: Thu Oct 22 19:52:59 2009
New Revision: 1591

URL: http://svn.debian.org/wsvn/debian-xml-sgml/?sc=1&rev=1591
Log:
* debian/patches/551936_CVE_2009_2625.dpatch: Added.
  - lib/xmltok_impl.c (updatePosition): Fix DoS vulnerability CVE-2009-2625
    (closes: #551936).
* debian/patches/00list: Adjusted.

Added:
    packages/expat/trunk/debian/patches/551936_CVE_2009_2625.dpatch   (with props)
Modified:
    packages/expat/trunk/debian/changelog
    packages/expat/trunk/debian/patches/00list

Modified: packages/expat/trunk/debian/changelog
URL: http://svn.debian.org/wsvn/debian-xml-sgml/packages/expat/trunk/debian/changelog?rev=1591&op=diff
==============================================================================
--- packages/expat/trunk/debian/changelog (original)
+++ packages/expat/trunk/debian/changelog Thu Oct 22 19:52:59 2009
@@ -1,6 +1,10 @@
 expat (2.0.1-5) UNRELEASED; urgency=low
 
   * NOT RELEASED YET
+  * debian/patches/551936_CVE_2009_2625.dpatch: Added.
+    - lib/xmltok_impl.c (updatePosition): Fix DoS vulnerability CVE-2009-2625
+      (closes: #551936).
+  * debian/patches/00list: Adjusted.
 
  -- Daniel Leidert (dale) <daniel.leidert at wgdd.de>  Mon, 09 Jun 2008 21:12:14 +0200
 
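Review bot: The stanza header above the new entries still reads `urgency=low`, and the trailer is still dated Mon, 09 Jun 2008, although the entry now closes a DoS CVE. Before this leaves UNRELEASED, raise the urgency (for example `urgency=high`, or `medium` if the maintainer judges the exposure limited) so the fix is not held back by the default migration delay. Refresh the trailer timestamp and drop the "NOT RELEASED YET" placeholder at the same time. It would also help anyone scanning the changelog for security fixes if the entry said in a few words what the fix is (the loop bound in updatePosition), not only the CVE id.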

Modified: packages/expat/trunk/debian/patches/00list
URL: http://svn.debian.org/wsvn/debian-xml-sgml/packages/expat/trunk/debian/patches/00list?rev=1591&op=diff
==============================================================================
--- packages/expat/trunk/debian/patches/00list (original)
+++ packages/expat/trunk/debian/patches/00list Thu Oct 22 19:52:59 2009
@@ -3,3 +3,4 @@
 302191_install_expat_config_h
 412786_xmlwf_man_standard_fix
 485129_fix_underquotation_in_m4
+551936_CVE_2009_2625

Added: packages/expat/trunk/debian/patches/551936_CVE_2009_2625.dpatch
URL: http://svn.debian.org/wsvn/debian-xml-sgml/packages/expat/trunk/debian/patches/551936_CVE_2009_2625.dpatch?rev=1591&op=file
==============================================================================
--- packages/expat/trunk/debian/patches/551936_CVE_2009_2625.dpatch (added)
+++ packages/expat/trunk/debian/patches/551936_CVE_2009_2625.dpatch Thu Oct 22 19:52:59 2009
@@ -1,0 +1,24 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 551936_CVE_2009_2625.dpatch by Daniel Leidert (dale) <daniel.leidert at wgdd.de>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: A vulnarability allows remote attackers to cause a denial of service
+## DP: infinite loop and application hang) via malformed XML input.
+## DP:
+## DP: <URL:http://bugs.debian.org/551936>
+## DP: <URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2625>
+## DP: <URL:http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmltok_impl.c?r1=1.15&r2=1.13>
+
+ at DPATCH@
+diff -urNad trunk~/lib/xmltok_impl.c trunk/lib/xmltok_impl.c
+--- trunk~/lib/xmltok_impl.c	2006-11-26 18:34:46.000000000 +0100
++++ trunk/lib/xmltok_impl.c	2009-10-22 21:42:41.000000000 +0200
+@@ -1744,7 +1744,7 @@
+                        const char *end,
+                        POSITION *pos)
+ {
+-  while (ptr != end) {
++  while (ptr < end) {
+     switch (BYTE_TYPE(enc, ptr)) {
+ #define LEAD_CASE(n) \
+     case BT_LEAD ## n: \
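Review bot: The changed loop condition `while (ptr < end)` in updatePosition carries no explanation, in either the DP: header or the code, of why `!=` was unsafe. The LEAD_CASE(n) cases in the context lines suggest that ptr is advanced by multi-byte steps, so it can step over end without ever equalling it. That is an inference, because the macro body is not visible in this hunk. Please add a DP: line stating this, and confirm that nothing inside the switch reads past end when a lead byte sits in the last bytes of the buffer, since `<` only stops the next iteration and does not bound the current one. Two small fixes in the description: "vulnarability" should be "vulnerability", and "infinite loop and application hang)" is missing its opening parenthesis. A regression input for the reported hang (a buffer ending in a truncated multi-byte sequence) would make the fix verifiable.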

Propchange: packages/expat/trunk/debian/patches/551936_CVE_2009_2625.dpatch
------------------------------------------------------------------------------
    svn:executable = *



