Hello community, here is the log from the commit of package expat for openSUSE:Factory checked in at Tue Dec 8 10:10:43 CET 2009. -------- --- expat/expat.changes 2009-10-29 14:22:00.000000000 +0100 +++ /mounts/work_src_done/STABLE/expat/expat.changes 2009-12-04 15:44:16.000000000 +0100 @@ -1,0 +2,5 @@ +Fri Dec 4 15:43:29 CET 2009 - prusnak@suse.cz + +- fix DoS (CVE-2009-3560.patch) [bnc#558892] + +------------------------------------------------------------------- calling whatdependson for head-i586 New: ---- expat-CVE-2009-3560.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ expat.spec ++++++ --- /var/tmp/diff_new_pack.vnTKnI/_old 2009-12-08 10:07:42.000000000 +0100 +++ /var/tmp/diff_new_pack.vnTKnI/_new 2009-12-08 10:07:42.000000000 +0100 @@ -20,7 +20,7 @@ Name: expat Version: 2.0.1 -Release: 91 +Release: 92 Group: Development/Libraries/C and C++ License: MIT License (or similar) Url: http://expat.sourceforge.net/ @@ -33,6 +33,7 @@ Source0: %{name}-%{version}.tar.bz2 Source1: %{name}faq.html Patch0: %{name}-CVE-2009-2625.patch +Patch1: %{name}-CVE-2009-3560.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: gcc-c++ @@ -142,6 +143,7 @@ %prep %setup -q %patch0 +%patch1 cp %{S:1} . rm -f examples/*.dsp ++++++ expat-CVE-2009-2625.patch ++++++ --- /var/tmp/diff_new_pack.vnTKnI/_old 2009-12-08 10:07:42.000000000 +0100 +++ /var/tmp/diff_new_pack.vnTKnI/_new 2009-12-08 10:07:42.000000000 +0100 @@ -1,8 +1,10 @@ http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmltok_impl.c?r1=1.13&r2=1.15 ---- lib/xmltok_impl.c +Index: lib/xmltok_impl.c +=================================================================== +--- lib/xmltok_impl.c.orig +++ lib/xmltok_impl.c -@@ -1744,7 +1744,7 @@ +@@ -1744,7 +1744,7 @@ PREFIX(updatePosition)(const ENCODING *e const char *end, POSITION *pos) { ++++++ expat-CVE-2009-3560.patch ++++++ http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?r1=1.164&r2=1.165 Index: lib/xmlparse.c =================================================================== --- lib/xmlparse.c.orig +++ lib/xmlparse.c @@ -3725,7 +3725,6 @@ doProlog(XML_Parser parser, return XML_ERROR_NO_ELEMENTS; default: tok = -tok; - next = end; break; } } ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org