Submitted By: Ken Moffat Date: 2009-09-16 Initial Package Version: 2.0.1 Upstream Status: Applied Origin: Upstream Description: Fixes for CVE-2009-2625 (infinite loop and application hang via malformed XML). The vulnerability was raised against Apache Xerces2 Java, but see e.g. https://bugs.gentoo.org/show_bug.cgi?id=280615 diff -Naur expat-2.0.1.orig/lib/xmlparse.c expat-2.0.1/lib/xmlparse.c --- expat-2.0.1.orig/lib/xmlparse.c 2007-05-08 03:25:35.000000000 +0100 +++ expat-2.0.1/lib/xmlparse.c 2009-09-16 14:20:02.000000000 +0100 @@ -2563,6 +2563,8 @@ (int)(dataPtr - (ICHAR *)dataBuf)); if (s == next) break; + if (ps_parsing == XML_FINISHED || ps_parsing == XML_SUSPENDED) + break; *eventPP = s; } } diff -Naur expat-2.0.1.orig/lib/xmltok_impl.c expat-2.0.1/lib/xmltok_impl.c --- expat-2.0.1.orig/lib/xmltok_impl.c 2006-11-26 17:34:46.000000000 +0000 +++ expat-2.0.1/lib/xmltok_impl.c 2009-09-16 14:20:05.000000000 +0100 @@ -1744,7 +1744,7 @@ const char *end, POSITION *pos) { - while (ptr != end) { + while (ptr < end) { switch (BYTE_TYPE(enc, ptr)) { #define LEAD_CASE(n) \ case BT_LEAD ## n: \