Description of problem:
udunits2 contains an old embedded version of the expat XML parsing library. Code inspection shows this embedded copy is vulnerable to CVE-2009-3720 and possibly other issues.

Version-Release number of selected component (if applicable):
Version: 2.1.11
Release: 1.dc13

Additional info:
The CVE https://bugzilla.redhat.com/show_bug.cgi?id=531697

Ideally, the best solution is to link in the system expat library and not use the embedded copy. This would help prevent these types of security issues from reoccurring.

I have marked this issue as a security issue due to the fact that a CVE was assigned to expat. I have not investigated how this vulnerability would be triggered by udunits2.
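
An added example, not part of the original report or of the udunits2 packaging: one way to check whether a built shared object carries its own expat copy or resolves expat from the system library, by classifying `nm -D` output. The sample symbol tables and addresses are constructed, and `expat_linkage` is a hypothetical helper name.

```shell
#!/bin/sh
# Classify how a shared object gets its expat entry points, reading the
# output of `nm -D <library>` on stdin:
#   embedded : the object itself defines expat's XML_* functions (bundled copy)
#   system   : the functions are undefined here and resolved from libexpat
#   none     : no expat entry points seen
expat_linkage() {
    awk '
        {
            # Defined: "<address> <type> <name>"; undefined: "<type> <name>".
            type = (NF == 3) ? $2 : $1
            name = $NF
            sub(/@.*/, "", name)        # drop a symbol-version suffix
        }
        name ~ /^XML_(ParserCreate|Parse|ParserFree|ExpatVersion)$/ {
            if (NF == 3 && type ~ /^[TtW]$/) def++
            else if (NF == 2)                undef++
        }
        END {
            if (def)        print "embedded"
            else if (undef) print "system"
            else            print "none"
        }
    '
}

# Constructed sample: a library built with the bundled expat sources.
sample_bundled() {
cat <<'EOF'
0000000000004a10 T ut_read_xml
0000000000009c40 T XML_ParserCreate
0000000000009f80 T XML_Parse
                 U malloc@GLIBC_2.2.5
EOF
}

# Constructed sample: the same library linked against the system expat.
sample_system() {
cat <<'EOF'
0000000000004a10 T ut_read_xml
                 U XML_ParserCreate
                 U XML_Parse
                 U XML_ParserFree
EOF
}

sample_bundled | expat_linkage
sample_system  | expat_linkage
```

On an installed package, pipe the real symbol table in instead of the samples, for example `nm -D path/to/libudunits2.so | expat_linkage`.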
udunits2-2.1.19-1.fc13 has been submitted as an update for Fedora 13. https://admin.fedoraproject.org/updates/udunits2-2.1.19-1.fc13
udunits2-2.1.19-1.fc14 has been submitted as an update for Fedora 14. https://admin.fedoraproject.org/updates/udunits2-2.1.19-1.fc14
udunits2-2.1.19-1.el5.1 has been submitted as an update for Fedora EPEL 5. https://admin.fedoraproject.org/updates/udunits2-2.1.19-1.el5.1
udunits2-2.1.19-1.el5.1 has been pushed to the Fedora EPEL 5 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update udunits2'. You can provide feedback for this update here: https://admin.fedoraproject.org/updates/udunits2-2.1.19-1.el5.1
udunits2-2.1.19-1.fc14 has been pushed to the Fedora 14 stable repository. If problems still persist, please make note of it in this bug report.
udunits2-2.1.19-1.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report.
udunits2-2.1.19-1.el5.1 has been pushed to the Fedora EPEL 5 stable repository. If problems still persist, please make note of it in this bug report.