Bug#560942: CVE-2009-3560 and CVE-2009-3720 denial-of-services

2010-01-28 Thread sean finney
hi, just a quick ack: i've imported the patches into git but one of them does not apply:

Applying patch CVE-2009-3560.patch
patching file lib/expat/xmlparse/xmlparse.c
Hunk #1 FAILED at 2330.
1 out of 1 hunk FAILED -- rejects in file lib/expat/xmlparse/xmlparse.c
Patch CVE-2009-3560.patch does

Bug#560942: CVE-2009-3560 and CVE-2009-3720 denial-of-services

2010-01-28 Thread Jamie Strandboge
On Thu, 2010-01-28 at 10:00 +0100, sean finney wrote: 560942 i've imported the patches into git but one of them does not apply:

Applying patch CVE-2009-3560.patch
patching file lib/expat/xmlparse/xmlparse.c
Hunk #1 FAILED at 2330.
1 out of 1 hunk FAILED -- rejects in file

Bug#560942: CVE-2009-3560 and CVE-2009-3720 denial-of-services

2010-01-28 Thread sean finney
hi jamie, it looks like the version in git[1,2] is based on 1.16.07, which probably explains the discrepancy. i'm pretty sure this version predates the CVE by large enough of a margin that it's likely to be vulnerable unless it's been hacked enough to have lost the vulnerable code paths.

Bug#560942: CVE-2009-3560 and CVE-2009-3720 denial-of-services

2010-01-26 Thread Jamie Strandboge
Package: xmlrpc-c Version: 1.06.27-1 Severity: normal Tags: patch User: ubuntu-de...@lists.ubuntu.com Usertags: origin-ubuntu karmic ubuntu-patch In Ubuntu, we've applied the attached patch to achieve the following: * SECURITY UPDATE: fix DoS via malformed XML -

Bug#560942: CVE-2009-3560 and CVE-2009-3720 denial-of-services

2009-12-12 Thread Michael Gilbert
package: xmlrpc-c severity: serious tags: security Hi, The following CVE (Common Vulnerabilities and Exposures) ids were published for expat. I have determined that this package embeds a vulnerable copy of xmlparse.c and xmltok_impl.c. However, since this is a mass bug filing (due to so many