#! /bin/sh /usr/share/dpatch/dpatch-run
## 560901_CVE_2009_3560.dpatch by Daniel Leidert (dale) <daniel.leidert@wgdd.de>
## All lines beginning with `## DP:' are a description of the patch.
## DP: The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as
## DP: used in the XML-Twig module for Perl, allows context-dependent attackers
## DP: to cause a denial of service (application crash) via an XML document
## DP: with malformed UTF-8 sequences that trigger a buffer over-read, related
## DP: to the doProlog function in lib/xmlparse.c, a different vulnerability
## DP: than CVE-2009-2625 and CVE-2009-3720.
## DP: <URL:http://bugs.debian.org/560901>
## DP: <URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3560>
## DP: <URL:http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?r1=1.164&r2=1.165>
## DP: <URL:http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?view=log#rev1.165>
18
diff -urNad lenny~/lib/xmlparse.c lenny/lib/xmlparse.c
19
--- lenny~/lib/xmlparse.c 2007-05-08 04:25:35.000000000 +0200
20
+++ lenny/lib/xmlparse.c 2009-12-13 11:39:18.671629559 +0100
22
return XML_ERROR_NO_ELEMENTS;