Red Hat Bugzilla – Bug 556415
Regression in fix for CVE-2009-3560 [rhel-5]
Last modified: 2013-09-23 07:18:16 EDT
The fix for CVE-2009-3560 caused a regression.
Parsing some external DTD definitions now fails.
I created an entry on rt.cpan.org for XML-Parser, as it has tests that fail when trying to use expat-1.95.8-8.3.el5_4.2; I linked to this bug.
I have a fairly large deployment of Red Hat systems waiting on this as well. I haven't called this in to Red Hat as I see the public bug already matches what I would call in.
Peter: I do not think there is a bug in XML::Parser here that needs to be reported upstream. With the fix for the regression applied, the test suite does pass again.
Joe: You are correct that a bug in XML::Parser does not need to be reported upstream. I attempted to make the rt.cpan.org ticket entry I created:
a pointer to this bug, and not a bug report in itself.
*** Bug 573035 has been marked as a duplicate of this bug. ***
I'm having the same problems here - this is critical for me, I have large applications built around Frontier::Daemon which relies on CPAN XML::Parser.
With RHEL 5.5, the previous (working) version is no longer easily available with "yum downgrade".