Bug 556415 - Regression in fix for CVE-2009-3560 [rhel-5]
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: expat
Hardware: All
OS: Linux
Priority: urgent
Severity: medium
Target Milestone: rc
Assigned To: Joe Orton
QA Contact: BaseOS QE - Apps
Keywords: Regression, ZStream
Duplicates: 573035
Blocks: 556422 556424 556427 618744
Reported: 2010-01-18 05:48 EST by Joe Orton
Modified: 2013-09-23 07:18 EDT
Doc Type: Bug Fix
Clones: 556422 556427
Last Closed: 2013-09-23 07:18:16 EDT
Description Joe Orton 2010-01-18 05:48:18 EST
The fix for CVE-2009-3560 caused a regression.

Parsing some external DTD definitions now fails.


Comment 5 Jerry Uanino 2010-02-18 08:00:54 EST
I have a fairly large deployment of Red Hat systems waiting on this as well. I haven't called this into Red Hat as I see the public bug already matches what I would call in.
Comment 7 Joe Orton 2010-02-18 12:09:42 EST
Peter: I do not think there is a bug in XML::Parser here that needs to be reported upstream.  With the fix for the regression applied, the test suite does pass again.
Comment 8 Peter Edwards 2010-02-18 12:36:00 EST
Joe: You are correct that a bug in XML::Parser does not need to be reported upstream.  I attempted to make the rt.cpan.org ticket entry I created:


a pointer to this bug, and not a bug report in itself.
Comment 9 Joe Orton 2010-03-17 10:07:32 EDT
*** Bug 573035 has been marked as a duplicate of this bug. ***
Comment 10 Tony Howat 2010-05-27 07:27:22 EDT
I'm having the same problems here - this is critical for me, I have large applications built around Frontier::Daemon which relies on CPAN XML::Parser. 

Any progress?
Comment 14 lindahl 2010-07-01 19:17:19 EDT
With RHEL 5.5, the previous (working) version is no longer easily available with "yum downgrade".
