Bug 179836 - old expat code included
old expat code included
Status: CLOSED WONTFIX
Product: Fedora
Classification: Fedora
Component: w3c-libwww (Show other bugs)
4
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Harald Hoyer
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-02-03 05:01 EST by Patrice Dumas
Modified: 2007-11-30 17:11 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-01-22 08:56:00 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Patrice Dumas 2006-02-03 05:01:41 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; fr; rv:1.7.12) Gecko/20050922 Fedora/1.0.7-1.1.fc4 Firefox/1.0.7

Description of problem:
w3c-libwww uses an old version of the expat library, with code included in modules/expat. I don't know if there are security issues that are not fixed in that library, but if it is the case, system expat should be used.

I haven't investigated, but I have seen that on the web:
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2002-12/0143.html

Version-Release number of selected component (if applicable):
w3c-libwww-5.4.0-15

How reproducible:
Always

Steps to Reproduce:
1. recompile w3c-libwww
2.
3.
  

Actual Results:  uses outdated libxmltok and libxmlparse (and install them...)

Additional info:
Comment 1 Christian Iseli 2007-01-22 06:48:33 EST
This report targets the FC3 or FC4 products, which have now been EOL'd.

Could you please check that it still applies to a current Fedora release, and
either update the target product or close it ?

Thanks.
Comment 2 Patrice Dumas 2007-01-22 08:56:00 EST
This doesn't apply to current fedora product since w3c-libwww
is now in extras and this issue has been catched during the 
review.

Note You need to log in before you can comment on or make changes to this bug.