Bug 179836 - old expat code included
Summary: old expat code included
Status: CLOSED WONTFIX
Alias: None
Product: Fedora
Classification: Fedora
Component: w3c-libwww
Version: 4
Hardware: i386
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Harald Hoyer
QA Contact:
URL:
Whiteboard:
Keywords: Security
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2006-02-03 10:01 UTC by Patrice Dumas
Modified: 2007-11-30 22:11 UTC (History)
1 user (show)

(edit)
Clone Of:
(edit)
Last Closed: 2007-01-22 13:56:00 UTC

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Patrice Dumas 2006-02-03 10:01:41 UTC 
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; fr; rv:1.7.12) Gecko/20050922 Fedora/1.0.7-1.1.fc4 Firefox/1.0.7

Description of problem:
w3c-libwww uses an old version of the expat library, with code included in modules/expat. I don't know if there are security issues that are not fixed in that library, but if it is the case, system expat should be used.

I haven't investigated, but I have seen that on the web:
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2002-12/0143.html

Version-Release number of selected component (if applicable):
w3c-libwww-5.4.0-15

How reproducible:
Always

Steps to Reproduce:
1. recompile w3c-libwww
2.
3.
  

Actual Results:  uses outdated libxmltok and libxmlparse (and install them...)

Additional info:
Comment 1 Christian Iseli 2007-01-22 11:48:33 UTC 
This report targets the FC3 or FC4 products, which have now been EOL'd.

Could you please check that it still applies to a current Fedora release, and
either update the target product or close it ?

Thanks.
Comment 2 Patrice Dumas 2007-01-22 13:56:00 UTC 
This doesn't apply to current fedora product since w3c-libwww
is now in extras and this issue has been catched during the 
review.
Note You need to log in before you can comment on or make changes to this bug.