[osgeo4w-dev] [osgeo4w] #116: Apply patch against crash in UTF-8 parser in Expat (CVE-2009-2625)

OSGeo4W trac_osgeo4w at osgeo.org
Thu Oct 29 14:35:54 EDT 2009


#116: Apply patch against crash in UTF-8 parser in Expat (CVE-2009-2625)
--------------------+-------------------------------------------------------
Reporter:  rouault  |       Owner:  osgeo4w-dev at lists.osgeo.org
    Type:  defect   |      Status:  new                        
Priority:  major    |   Component:  Package                    
 Version:           |    Keywords:  expat                      
--------------------+-------------------------------------------------------
 A security hole has been discovered in Expat 2.0.1 that make it crash on
 invalid UTF8 sequences. The fix is in upstream
 Expat(http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmltok_impl.c?r1=1.15&r2=1.13)
 and has been backported to Linux distros :
 https://bugs.gentoo.org/show_bug.cgi?id=280615,
 http://svn.debian.org/wsvn/debian-xml-
 sgml/packages/expat/trunk/debian/patches/551936_CVE_2009_2625.dpatch

-- 
Ticket URL: <http://trac.osgeo.org/osgeo4w/ticket/116>
OSGeo4W <http://trac.osgeo.org/osgeo4w>
OSGeo4W is the Windows installer for the OSGeo stack.


More information about the osgeo4w-dev mailing list