summaryrefslogtreecommitdiff
diff options
authorGiuseppe Iuculano <iuculano@debian.org>2010-01-29 12:15:45 +0100
committergit-ubuntu importer <ubuntu-devel-discuss@lists.ubuntu.com>2010-06-26 20:08:30 +0000
commit72cbd311a45ee183c8c2df14dd5cbeebfb4b0c33 (patch)
tree410950bde4dec2b3a8e56119eb1ab929ad204f6e
parent60c418edb9a7ffe48b11e987aede90447fdbc5e0 (diff)
2.9.1-2+lenny1 (patches unapplied)import/2.9.1-2+lenny1debian/lenny
Imported using git-ubuntu import.
Notes
Notes: * Non-maintainer upload by the Security Team. * Fixed CVE-2009-2625: denial of service (infinite loop and application hang) via malformed XML input (Closes: #548358)
-rw-r--r--debian/changelog8
-rw-r--r--debian/patches/04_CVE-2009-2625.patch20
2 files changed, 28 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog
index 827599e..a06f68b 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+libxerces2-java (2.9.1-2+lenny1) stable-security; urgency=high
+
+ * Non-maintainer upload by the Security Team.
+ * Fixed CVE-2009-2625: denial of service (infinite loop and application hang)
+ via malformed XML input (Closes: #548358)
+
+ -- Giuseppe Iuculano <iuculano@debian.org> Fri, 29 Jan 2010 12:15:45 +0100
+
libxerces2-java (2.9.1-2) unstable; urgency=low
* Build-Depends on default-jdk-builddep. Closes: #477892
diff --git a/debian/patches/04_CVE-2009-2625.patch b/debian/patches/04_CVE-2009-2625.patch
new file mode 100644
index 0000000..18a844c
--- /dev/null
+++ b/debian/patches/04_CVE-2009-2625.patch
@@ -0,0 +1,20 @@
+CVE-2009-2625
+diff --git a/src/org/apache/xerces/impl/XMLScanner.java b/src/org/apache/xerces/impl/XMLScanner.java
+index a64ce11..1abca0e 100644
+--- a/src/org/apache/xerces/impl/XMLScanner.java
++++ b/src/org/apache/xerces/impl/XMLScanner.java
+@@ -1027,6 +1027,14 @@ public abstract class XMLScanner
+ if (XMLChar.isMarkup(c) || c == ']') {
+ fStringBuffer.append((char)fEntityScanner.scanChar());
+ }
++ else if (XMLChar.isHighSurrogate(c)) {
++ scanSurrogates(fStringBuffer);
++ }
++ else if (isInvalidLiteral(c)) {
++ reportFatalError("InvalidCharInSystemID",
++ new Object[] { Integer.toHexString(c) });
++ fEntityScanner.scanChar();
++ }
+ } while (fEntityScanner.scanLiteral(quote, ident) != quote);
+ fStringBuffer.append(ident);
+ ident = fStringBuffer;