[osgeo4w-dev] [osgeo4w] #116: Apply patch against crash in UTF-8
parser in Expat (CVE-2009-2625)
OSGeo4W
trac_osgeo4w at osgeo.org
Thu Oct 29 14:35:54 EDT 2009
#116: Apply patch against crash in UTF-8 parser in Expat (CVE-2009-2625)
--------------------+-------------------------------------------------------
Reporter: rouault | Owner: osgeo4w-dev at lists.osgeo.org
Type: defect | Status: new
Priority: major | Component: Package
Version: | Keywords: expat
--------------------+-------------------------------------------------------
A security hole has been discovered in Expat 2.0.1 that make it crash on
invalid UTF8 sequences. The fix is in upstream
Expat(http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmltok_impl.c?r1=1.15&r2=1.13)
and has been backported to Linux distros :
https://bugs.gentoo.org/show_bug.cgi?id=280615,
http://svn.debian.org/wsvn/debian-xml-
sgml/packages/expat/trunk/debian/patches/551936_CVE_2009_2625.dpatch
--
Ticket URL: <http://trac.osgeo.org/osgeo4w/ticket/116>
OSGeo4W <http://trac.osgeo.org/osgeo4w>
OSGeo4W is the Windows installer for the OSGeo stack.
More information about the osgeo4w-dev
mailing list