[osgeo4w-dev] Re: [osgeo4w] #116: Apply patch against crash in
UTF-8 parser in Expat (CVE-2009-2625)
OSGeo4W
trac_osgeo4w at osgeo.org
Mon Apr 5 13:02:12 EDT 2010
#116: Apply patch against crash in UTF-8 parser in Expat (CVE-2009-2625)
--------------------+-------------------------------------------------------
Reporter: rouault | Owner: osgeo4w-dev at lists.osgeo.org
Type: defect | Status: new
Priority: major | Component: Package
Version: | Resolution:
Keywords: expat |
--------------------+-------------------------------------------------------
Comment (by rouault):
I'll usually trust Linux distro and security researchers for places to
patch. Actually, When looking at http://svn.debian.org/wsvn/debian-xml-
sgml/packages/expat/trunk/debian/patches/, I see there's also an extra
patch for another expat CVE that should be applied. So the 2 are :
* http://svn.debian.org/wsvn/debian-xml-
sgml/packages/expat/trunk/debian/patches/551936_CVE_2009_2625.dpatch
* http://svn.debian.org/wsvn/debian-xml-
sgml/packages/expat/trunk/debian/patches/560901_CVE_2009_3560.dpatch
--
Ticket URL: <http://trac.osgeo.org/osgeo4w/ticket/116#comment:2>
OSGeo4W <http://trac.osgeo.org/osgeo4w>
OSGeo4W is the Windows installer for the OSGeo stack.
More information about the osgeo4w-dev
mailing list