oss-sec mailing list archives

Re: Regarding expat bug 1990430


From: Marc Schoenefeld <mschoene () redhat com>
Date: Thu, 22 Oct 2009 16:04:37 +0200

Jan Lieskovsky wrote:
Hello Steve, vendors,

[...]

   a, Does Apache Xerces2 Java contain an embedded copy of the expat library
      (i.e. it's completely the same issue as in expat, w3c-libwww, PyXML
      and others) - Marc, could you help to reply to this question?

Hi,
the upstream patch for CVE-2009-2625 for xerces-j2 is java-only [1] and
unrelated to fixes in other native C parsing libraries.

Regards
Marc

[1]
http://svn.apache.org/viewvc/xerces/java/trunk/src/org/apache/xerces/impl/XMLScanner.java?r1=572055&r2=787352&pathrev=787353&diff_format=h


-- 
Marc Schoenefeld / Red Hat Security Response Team

