Red Hat Bugzilla – Bug 179836
old expat code included
Last modified: 2007-11-30 17:11:22 EST
From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; fr; rv:1.7.12) Gecko/20050922 Fedora/1.0.7-1.1.fc4 Firefox/1.0.7 Description of problem: w3c-libwww uses an old version of the expat library, with code included in modules/expat. I don't know if there are security issues that are not fixed in that library, but if it is the case, system expat should be used. I haven't investigated, but I have seen that on the web: http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2002-12/0143.html Version-Release number of selected component (if applicable): w3c-libwww-5.4.0-15 How reproducible: Always Steps to Reproduce: 1. recompile w3c-libwww 2. 3. Actual Results: uses outdated libxmltok and libxmlparse (and install them...) Additional info:
This report targets the FC3 or FC4 products, which have now been EOL'd. Could you please check that it still applies to a current Fedora release, and either update the target product or close it ? Thanks.
This doesn't apply to current fedora product since w3c-libwww is now in extras and this issue has been catched during the review.