Description: The fix for CVE-2009-3560 caused a regression. Parsing some external DTD definitions now fails. http://mail.libexpat.org/pipermail/expat-discuss/2009-December/002646.html Version: expat-1.95.8-8.3.el5_4.2
I created an entry on rt.cpan.org for XML-Parser as it has tests that fail when trying to use expat-1.95.8-8.3.el5_4.2, I linked to this bug. https://rt.cpan.org/Ticket/Display.html?id=54747 Also see: http://mail.libexpat.org/pipermail/expat-discuss/2009-December/thread.html http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=561658 http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?r1=1.164&r2=1.166 http://expat.cvs.sourceforge.net/viewvc/expat/expa/lib/xmlparse.c?view=log#rev1.166 http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?r1=1.164&r2=1.166&view=patch Version: expat-1.95.8-8.3.el5_4.2 Thanks.
I have a fairly large deployment of redhat systems waiting on this as well. I haven't called this into RedHat as I see the public bug already matches what I would call in.
Peter: I do not think there is a bug in XML::Parser here that needs to be reported upstream. With the fix for the regression applied, the test suite does pass again.
Joe: You are correct that a bug in XML::Parser does not need to be reported upstream. I attempted to make the rt.cpan.org ticket entry I created: https://rt.cpan.org/Ticket/Display.html?id=54747 a pointer to this bug, and not a bug report in itself.
*** Bug 573035 has been marked as a duplicate of this bug. ***
I'm having the same problems here - this is critical for me, I have large applications built around Frontier::Daemon which relies on CPAN XML::Parser. Any progress?
With RHEL 5.5, the previous (working) version is no longer easily available with "yum downgrade".