Hi all!

On Wednesday 11 November 2009 08:01:59, Daniel Bünzli wrote:
> A new version of Xmlm is available.
> It's a security update. All users are recommended to upgrade.
>
> http://erratique.ch/software/xmlm
>
> A call to List.map crept into my implementation of namespaces. A
> maliciously crafted xml file with a very large amount of attributes on a
> single tag can crash your (native code) program by stack overflow. The fix
> doesn't affect performance -- a rev and a map makes a t.r. rev_map.

I have just uploaded the fixed version to unstable. I am not yet sure about the
seriousness of the issue, but if you think this is a serious issue, we should
also ask for a rebuild of the packages depending on xmlm. So far, I know only
one, ocaml-xmlplaylist.

Romain
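
The bug class described in the quoted announcement, as an added example that is not part of this thread and is not Xmlm's code: a non-tail-recursive map over an attacker-sized attribute list next to the constant-stack rev + rev_map form. The `attribute` type, `expand`, `naive_map`, `safe_map`, `make_attrs` and the namespace URI are hypothetical names and constructed data.

```ocaml
(* Added example; not Xmlm's code. The attribute shape and [expand] are
   hypothetical stand-ins for per-attribute namespace resolution. *)
type attribute = (string * string) * string   (* (prefix, local), value *)

(* Hypothetical resolver: replaces a prefix by its namespace URI. *)
let expand ns (((prefix, local), value) : attribute) : attribute =
  let uri = try List.assoc prefix ns with Not_found -> "" in
  ((uri, local), value)

(* Non-tail-recursive map written out by hand: one stack frame per element,
   like the standard List.map of 2009. Stack use grows with input length. *)
let rec naive_map f = function
  | [] -> []
  | x :: tl -> let y = f x in y :: naive_map f tl

(* Tail-recursive replacement: rev_map runs in constant stack and returns the
   results reversed, so a rev restores document order. *)
let safe_map f l = List.rev (List.rev_map f l)

(* Constructed input: [n] attributes on a single tag. *)
let make_attrs n : attribute list =
  List.init n (fun i -> (("x", "a" ^ string_of_int i), "v"))

let () =
  let ns = [ ("x", "http://example.org/ns") ] in
  (* Same result, same order, on small input. *)
  let small = make_attrs 3 in
  assert (naive_map (expand ns) small = safe_map (expand ns) small);
  (* Large input: whether the naive version survives depends on the stack
     limit of the runtime and platform; the safe version does not. *)
  let big = make_attrs 5_000_000 in
  (match naive_map (expand ns) big with
   | _ -> print_endline "naive_map: completed (stack was large enough)"
   | exception Stack_overflow -> print_endline "naive_map: Stack_overflow");
  let out = safe_map (expand ns) big in
  Printf.printf "safe_map: %d attributes expanded\n" (List.length out)
```

On platforms where native-code stack exhaustion is not turned into the `Stack_overflow` exception, the naive call ends the process with a segmentation fault instead, which is the crash the announcement describes.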

