On Sun, Dec 13, 2009 at 11:06 AM, Siddhesh Poyarekar <siddhesh.poyare...@gmail.com> wrote: > On Sun, Dec 13, 2009 at 9:20 AM, Michael Gilbert > <michael.s.gilb...@gmail.com> wrote: >> CVE-2009-3560[0]: >> | The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, >> | as used in the XML-Twig module for Perl, allows context-dependent >> | attackers to cause a denial of service (application crash) via an XML >> | document with malformed UTF-8 sequences that trigger a buffer >> | over-read, related to the doProlog function in lib/xmlparse.c, a >> | different vulnerability than CVE-2009-2625 and CVE-2009-3720. > > The current implementation in ayttm simply abort()s on invalid xml, so > it is a DoS, but not a buffer over-read. I'll remove the abort and > return an error instead. > >> CVE-2009-3720[1]: >> | The updatePosition function in lib/xmltok_impl.c in libexpat in Expat >> | 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, >> | allows context-dependent attackers to cause a denial of service >> | (application crash) via an XML document with crafted UTF-8 sequences >> | that trigger a buffer over-read, a different vulnerability than >> | CVE-2009-2625. > > The fix from upstream applies (more or less) directly here. >
Fix committed upstream: http://ayttm.git.sourceforge.net/git/gitweb.cgi?p=ayttm/ayttm;a=commit;h=ab46edf748b6c5a0f171534f6950929db4939ab3 -- Siddhesh Poyarekar http://siddhesh.in -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
