[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [Expat-discuss] RFH: Patch for CVE-2009-3560 in expat breaks the Perl XML parser

Niko Tyni wrote:

> I'm attaching an example XML document and the external DTD it
> references. Without the CVE-2009-3560 patch, the test 'xmlwf -p t.xml'
> silently passes. With the patch, the output is
>  t.dtd:4:3: syntax error
>  t.xml:2:28: error in processing external entity reference
> (The DTD was copied verbatim from the example at
>  http://www.w3.org/TR/REC-xml/#sec-condition-sect )

I can duplicate this. The patch needs to be revised.
Thanks for testing this.


Reply to: