Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
First Last Prev Next    This bug is not in your last search results.
Bug 179836 - old expat code included
old expat code included
Status: CLOSED WONTFIX
Product: Fedora
Classification: Fedora
Component: w3c-libwww (Show other bugs)
4
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Harald Hoyer
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-02-03 05:01 EST by Patrice Dumas
Modified: 2007-11-30 17:11 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-01-22 08:56:00 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Patrice Dumas 2006-02-03 05:01:41 EST 
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; fr; rv:1.7.12) Gecko/20050922 Fedora/1.0.7-1.1.fc4 Firefox/1.0.7

Description of problem:
w3c-libwww uses an old version of the expat library, with code included in modules/expat. I don't know if there are security issues that are not fixed in that library, but if it is the case, system expat should be used.

I haven't investigated, but I have seen that on the web:
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2002-12/0143.html

Version-Release number of selected component (if applicable):
w3c-libwww-5.4.0-15

How reproducible:
Always

Steps to Reproduce:
1. recompile w3c-libwww
2.
3.
  

Actual Results:  uses outdated libxmltok and libxmlparse (and install them...)

Additional info:
Comment 1 Christian Iseli 2007-01-22 06:48:33 EST 
This report targets the FC3 or FC4 products, which have now been EOL'd.

Could you please check that it still applies to a current Fedora release, and
either update the target product or close it ?

Thanks.
Comment 2 Patrice Dumas 2007-01-22 08:56:00 EST 
This doesn't apply to current fedora product since w3c-libwww
is now in extras and this issue has been catched during the 
review.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.