Niko Tyni wrote: >> Could you please run the failing tests with Expat directly, instead of the >> Perl parser? > > I'm able to reproduce (at least part of) the problem without the Perl > bindings, using the 'xmlwf' example tool from the expat source (shipped > in the 'expat' package on Debian.) > > I'm attaching an example XML document and the external DTD it > references. Without the CVE-2009-3560 patch, the test 'xmlwf -p t.xml' > silently passes. With the patch, the output is > > t.dtd:4:3: syntax error > t.xml:2:28: error in processing external entity reference > > (The DTD was copied verbatim from the example at > http://www.w3.org/TR/REC-xml/#sec-condition-sect )
I revised the patch - see newest revision of xmlparse.c (rev. 166). May I ask for a favour: Please discuss these issues directly on the comments of the bug entry on SourceForge. Without this we will have no clue what things were discussed and discovered while fixing a bug. Thanks, Karl -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
