[Expat-discuss] RFH: Patch for CVE-2009-3560 in expat breaks the Perl XML parser

Karl Waclawek karl at waclawek.net
Tue Dec 29 06:17:02 CET 2009


Niko Tyni wrote:

> I'm attaching an example XML document and the external DTD it
> references. Without the CVE-2009-3560 patch, the test 'xmlwf -p t.xml'
> silently passes. With the patch, the output is
> 
>  t.dtd:4:3: syntax error
>  t.xml:2:28: error in processing external entity reference
> 
> (The DTD was copied verbatim from the example at
>  http://www.w3.org/TR/REC-xml/#sec-condition-sect )

I can duplicate this. The patch needs to be revised.
Thanks for testing this.

Karl


