~ubuntu-branches/ubuntu/natty/expat/natty-security

Viewing changes to debian/patches/551936_CVE_2009_2625.dpatch

  • Committer: Bazaar Package Importer
  • Author(s): Jamie Strandboge
  • Date: 2010-01-19 09:59:07 UTC
  • mfrom: (5.1.3 sid)
  • Revision ID: james.westby@ubuntu.com-20100119095907-cwnv05hq3cp0y1xp
Tags: 2.0.1-7ubuntu1
* Merge from Debian testing. Remaining changes:
  - Install run-time libraries into /lib rather than /usr/lib, since
    dbus-daemon is in /bin and links to libexpat.

#! /bin/sh /usr/share/dpatch/dpatch-run
## 551936_CVE_2009_2625.dpatch by Daniel Leidert (dale) <daniel.leidert@wgdd.de>
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: A vulnarability allows remote attackers to cause a denial of service
## DP: infinite loop and application hang) via malformed XML input.
## DP:
## DP: <URL:http://bugs.debian.org/551936>
## DP: <URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2625>
## DP: <URL:http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmltok_impl.c?r1=1.15&r2=1.13>
 
@DPATCH@
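Review bot: The `## DP:` description misspells "vulnerability" as "vulnarability", and its second line closes a parenthesis that is never opened ("infinite loop and application hang)"); suggest "denial of service (infinite loop and application hang)". The text also does not say where the loop is. One sentence naming the `while` condition in lib/xmltok_impl.c would let a reader match the description to the hunk without following the three URLs.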
diff -urNad trunk~/lib/xmltok_impl.c trunk/lib/xmltok_impl.c
--- trunk~/lib/xmltok_impl.c    2006-11-26 18:34:46.000000000 +0100
+++ trunk/lib/xmltok_impl.c     2009-10-22 21:42:41.000000000 +0200
@@ -1744,7 +1744,7 @@
                        const char *end,
                        POSITION *pos)
 {
-  while (ptr != end) {
+  while (ptr < end) {
     switch (BYTE_TYPE(enc, ptr)) {
 #define LEAD_CASE(n) \
     case BT_LEAD ## n: \
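Review bot: In the changed loop condition, `while (ptr < end)` only ends the loop after ptr has already moved beyond end; nothing in the visible lines prevents the overshoot itself. The old `!=` test can hang only if some branch advances ptr by more than the bytes remaining, and the `LEAD_CASE(n)` branches that follow (cut off here) are where a multi-byte step would occur. Consider also checking `end - ptr` against the step size in those branches before advancing, so ptr never leaves the buffer and the position is not updated for a truncated sequence. Relational comparison of a pointer that is more than one element past the end of its array is undefined in C, so bounding the advance is more robust than relying on `<` alone. A short comment on the loop saying why `<` is used instead of `!=` would help keep the change from being reverted.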