It was found that LuaExpat, a SAX XML parser based on the Expat library,
is prone to the XML "billion laughs" attack, as described in:
A remote attacker could provide a specially-crafted XML file, which,
once opened in an application linked against LuaExpat, could cause
that application to crash.
The updates for the lua-expat package, as shipped with Fedora release of 14 and 15,
and as shipped within EPEL-5 and EPEL-6 repositories, addressing this issue,
have already been scheduled. Relevant name-version-releases of those are:
1) lua-expat-1.2.0-1.fc14 for F-14,
2) lua-expat-1.2.0-1.fc15 for F-15,
3) lua-expat-1.2.0-1.el5 for EPEL-5,
4) lua-expat-1.2.0-1.el6 for EPEL-6.
This issue affects the version of the lua-expat package, as shipped with
Fedora release of 13. Please schedule an update.
Created lua-expat tracking bugs for this issue
Affects: fedora-13 [bug 711029]
The CVE identifier of CVE-2011-2188 has been assigned to this issue:
F-13 is EOL so closing.
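
A defensive sketch for applications that parse untrusted XML with LuaExpat, added here as an example and not taken from this bug report or from the LuaExpat project: because the "billion laughs" attack relies on entity declarations inside a DOCTYPE, the parser is stopped as soon as a DOCTYPE begins. It assumes an `lxp` build that provides the `StartDoctypeDecl` callback and `parser:stop()`; the function name `parse_untrusted` and the sample documents are constructed for illustration.

```lua
-- Added example: refuse any untrusted XML document that carries a DOCTYPE.
-- Assumption: the installed lxp module supports the StartDoctypeDecl
-- callback and parser:stop().
local lxp = require("lxp")

-- Returns the number of elements seen, or nil plus a reason on rejection/error.
local function parse_untrusted(xml)
  local rejected = false
  local elements = 0

  local callbacks = {
    -- Fires before any entity declaration in the DTD is processed,
    -- so no entity expansion can take place once we stop here.
    StartDoctypeDecl = function(parser)
      rejected = true
      parser:stop()
    end,
    StartElement = function()
      elements = elements + 1
    end,
  }

  local parser = lxp.new(callbacks)
  local ok, err = parser:parse(xml)
  if ok then
    ok, err = parser:parse() -- no argument: signal end of document
  end
  parser:close()

  if rejected then
    return nil, "DOCTYPE not allowed in untrusted input"
  end
  if not ok then
    return nil, err
  end
  return elements
end

-- Constructed sample inputs: one plain document, one declaring a single
-- harmless internal entity (enough to trigger the DOCTYPE check).
local plain = "<msg><body>hello</body></msg>"
local with_dtd = '<!DOCTYPE msg [<!ENTITY a "x">]><msg>&a;</msg>'

print("plain:", parse_untrusted(plain))
print("with DOCTYPE:", parse_untrusted(with_dtd))
```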