Re: [Expat-discuss] RFH: Patch for CVE-2009-3560 in expat breaks the Perl XML parser

2009-12-29 Thread Karl Waclawek
Niko Tyni wrote:
>> Could you please run the failing tests with Expat directly, instead of the
>> Perl parser?
>
> I'm able to reproduce (at least part of) the problem without the Perl
> bindings, using the 'xmlwf' example tool from the expat source (shipped
> in the 'expat' package on Debian.)
>

Re: [Expat-discuss] RFH: Patch for CVE-2009-3560 in expat breaks the Perl XML parser

2009-12-28 Thread Karl Waclawek
Niko Tyni wrote:
> I'm attaching an example XML document and the external DTD it
> references. Without the CVE-2009-3560 patch, the test 'xmlwf -p t.xml'
> silently passes. With the patch, the output is
>
> t.dtd:4:3: syntax error
> t.xml:2:28: error in processing external entity reference
>
>

Re: [Expat-discuss] RFH: Patch for CVE-2009-3560 in expat breaks the Perl XML parser

2009-12-23 Thread Karl Waclawek
Daniel Leidert wrote:
> x-post to expat-discuss, debian-devel and debian-perl
>
> Hi,
>
> The security issue known as CVE-2009-3560 [1] has been fixed in expat's
> source code some time ago [2]. Now a Debian user informed [3] me, that
> the fix breaks parsing XML files with entities using Perl's XM