diff options
| author | Giuseppe Iuculano <iuculano@debian.org> | 2010-01-29 12:15:45 +0100 |
|---|---|---|
| committer | git-ubuntu importer <ubuntu-devel-discuss@lists.ubuntu.com> | 2010-06-26 20:08:30 +0000 |
| commit | 72cbd311a45ee183c8c2df14dd5cbeebfb4b0c33 (patch) | |
| tree | 410950bde4dec2b3a8e56119eb1ab929ad204f6e | |
| parent | 60c418edb9a7ffe48b11e987aede90447fdbc5e0 (diff) | |
2.9.1-2+lenny1 (patches unapplied)import/2.9.1-2+lenny1debian/lenny
Imported using git-ubuntu import.
Notes
Notes:
* Non-maintainer upload by the Security Team.
* Fixed CVE-2009-2625: denial of service (infinite loop and application hang)
via malformed XML input (Closes: #548358)
| -rw-r--r-- | debian/changelog | 8 | ||||
| -rw-r--r-- | debian/patches/04_CVE-2009-2625.patch | 20 |
2 files changed, 28 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog index 827599e..a06f68b 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,11 @@ +libxerces2-java (2.9.1-2+lenny1) stable-security; urgency=high + + * Non-maintainer upload by the Security Team. + * Fixed CVE-2009-2625: denial of service (infinite loop and application hang) + via malformed XML input (Closes: #548358) + + -- Giuseppe Iuculano <iuculano@debian.org> Fri, 29 Jan 2010 12:15:45 +0100 + libxerces2-java (2.9.1-2) unstable; urgency=low * Build-Depends on default-jdk-builddep. Closes: #477892 diff --git a/debian/patches/04_CVE-2009-2625.patch b/debian/patches/04_CVE-2009-2625.patch new file mode 100644 index 0000000..18a844c --- /dev/null +++ b/debian/patches/04_CVE-2009-2625.patch @@ -0,0 +1,20 @@ +CVE-2009-2625 +diff --git a/src/org/apache/xerces/impl/XMLScanner.java b/src/org/apache/xerces/impl/XMLScanner.java +index a64ce11..1abca0e 100644 +--- a/src/org/apache/xerces/impl/XMLScanner.java ++++ b/src/org/apache/xerces/impl/XMLScanner.java +@@ -1027,6 +1027,14 @@ public abstract class XMLScanner + if (XMLChar.isMarkup(c) || c == ']') { + fStringBuffer.append((char)fEntityScanner.scanChar()); + } ++ else if (XMLChar.isHighSurrogate(c)) { ++ scanSurrogates(fStringBuffer); ++ } ++ else if (isInvalidLiteral(c)) { ++ reportFatalError("InvalidCharInSystemID", ++ new Object[] { Integer.toHexString(c) }); ++ fEntityScanner.scanChar(); ++ } + } while (fEntityScanner.scanLiteral(quote, ident) != quote); + fStringBuffer.append(ident); + ident = fStringBuffer; |
