Re: [Expat-discuss] RFH: Patch for CVE-2009-3560 in expat breaks the Perl XML parser
Daniel Leidert wrote:
> x-post to expat-discuss, debian-devel and debian-perl
> The security issue known as CVE-2009-3560 has been fixed in expat's
> source code some time ago. Now a Debian user informed me that
> the fix breaks parsing XML files with entities using Perl's XML parser.
> Also several tests of the suite then fail (attached build log). So this
> makes the problem RC for us Debian and creates a problem in the *stable
> I guess, the Perl XML parser needs to be fixed and not expat. But I'm
> not familiar with the Perl module. I wonder if you (expat developers)
> have been informed about this? Unfortunately the author of the Perl XML
> parser module seems not active anymore (CCed him though).
No, I haven't heard about the Perl issue before.
> Is someone able to help to track this down? Any help is appreciated.
>  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3560
>  http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?r1=1.164&r2=1.165
>  http://bugs.debian.org/561658
Could you please run the failing tests with Expat directly, instead of the