[pkg-fgfs-crew] Bug#560937: Bug#560937: Bug#560932: Bug#560912: Expat issues update
Moritz Muehlenhoff
jmm at inutil.org
Mon Dec 21 22:09:16 UTC 2009
severity 560937 normal
tags 560937 -security
thanks
On Mon, Dec 14, 2009 at 12:17:17PM +0100, Ove Kaaven wrote:
> Mike Hommey skrev:
> > On Sun, Dec 13, 2009 at 05:21:26PM +0100, Matthias Klose wrote:
> >> On 13.12.2009 16:29, Michael Gilbert wrote:
> >>> Hi all,
> >>>
> >>> In order to guarantee that the system expat is used, the
> >>> '--with-expat=sys' configure argument must be used. If you think
> >>> your package is already using the system expat, or if you are updating
> >>> your package to use the system expat, please check to make sure that
> >>> this option is being used. Thanks.
> >> there's no such option for python, which uses a modified copy of expat.
> >
> > Likewise with mozilla, which uses a heavily modified copy of expat.
>
> And I think the xml parser in simgear was ripped from some version of
> mozilla. (Of course, I wouldn't consider a security flaw in a flight
> simulator library as critical as one in an actual web browser or
> anything, so I'm not sure how much I need to worry...)
Forcing Sim Gear into a crash through a flight model with malformed
XML is hardly a security issue, but a regular bug.
Cheers,
Moritz
More information about the pkg-fgfs-crew
mailing list