
Bug 556422

Summary: Regression in fix for CVE-2009-3560 [rhel-4]
Product: Red Hat Enterprise Linux 4
Reporter: Tomas Hoger <thoger>
Component: expat
Assignee: Joe Orton <jorton>
Status: CLOSED CURRENTRELEASE
QA Contact: BaseOS QE - Apps <qe-baseos-apps>
Severity: medium
Priority: urgent
Version: 4.8
CC: jwest, psplicha
Target Milestone: rc
Keywords: Regression, ZStream
Hardware: All
OS: Linux
Doc Type: Bug Fix
Clone Of: 556415
: 556424
Last Closed: 2012-06-14 20:42:31 UTC
Bug Depends On: 556415
Bug Blocks: 556424, 618745

Description Tomas Hoger 2010-01-18 11:14:30 UTC
+++ This bug was initially created as a clone of Bug #556415 +++

Description:
The fix for CVE-2009-3560 caused a regression.

Parsing some external DTD definitions now fails.

http://mail.libexpat.org/pipermail/expat-discuss/2009-December/002646.html

Version:
expat-1.95.8-8.3.el5_4.2

Same applies to EL4 and EL3 versions.