Re: [Expat-discuss] RFH: Patch for CVE-2009-3560 in expat breaks the Perl XML parser

To: Karl Waclawek <karl@waclawek.net>, Daniel Leidert <daniel.leidert.spam@gmx.net>, expat-discuss@libexpat.org, debian-perl@lists.debian.org, debian-devel@lists.debian.org, msergeant@cpan.org
Subject: Re: [Expat-discuss] RFH: Patch for CVE-2009-3560 in expat breaks the Perl XML parser
From: Karl Waclawek <karl@waclawek.net>
Date: Tue, 29 Dec 2009 00:17:02 -0500
Message-id: <4B3990CE.4090204@waclawek.net>
In-reply-to: <20091228225835.GA1481@madeleine.local.invalid>
References: <1261577130.19144.26.camel@haktar.wgdd.de> <4B3274A8.2080904@waclawek.net> <20091228225835.GA1481@madeleine.local.invalid>

Niko Tyni wrote:

> I'm attaching an example XML document and the external DTD it
> references. Without the CVE-2009-3560 patch, the test 'xmlwf -p t.xml'
> silently passes. With the patch, the output is
> 
>  t.dtd:4:3: syntax error
>  t.xml:2:28: error in processing external entity reference
> 
> (The DTD was copied verbatim from the example at
>  http://www.w3.org/TR/REC-xml/#sec-condition-sect )

I can duplicate this. The patch needs to be revised.
Thanks for testing this.

Karl

Reply to:

References:
- RFH: Patch for CVE-2009-3560 in expat breaks the Perl XML parser
  - From: Daniel Leidert <daniel.leidert.spam@gmx.net>
- Re: [Expat-discuss] RFH: Patch for CVE-2009-3560 in expat breaks the Perl XML parser
  - From: Karl Waclawek <karl@waclawek.net>
- Re: [Expat-discuss] RFH: Patch for CVE-2009-3560 in expat breaks the Perl XML parser
  - From: Niko Tyni <ntyni@debian.org>

Prev by Date: Re: [Expat-discuss] RFH: Patch for CVE-2009-3560 in expat breaks the Perl XML parser
Next by Date: Re: [Expat-discuss] RFH: Patch for CVE-2009-3560 in expat breaks the Perl XML parser
Previous by thread: Re: [Expat-discuss] RFH: Patch for CVE-2009-3560 in expat breaks the Perl XML parser
Next by thread: Re: [Expat-discuss] RFH: Patch for CVE-2009-3560 in expat breaks the Perl XML parser
Index(es):
- Date
- Thread