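#! /bin/sh -e
# dpatch wrapper: applies or reverts the unified diff that follows the final
# `exit 0` in this same file.
#
# Usage: <this file> -patch|-unpatch [-d <srcdir>]
#   -patch        apply the diff
#   -unpatch      revert the diff (patch -R)
#   -d <srcdir>   passed to patch as its -d directory
#
# Exit status: 0 when patch succeeded, non-zero on a usage error or when
# patch itself failed.

# The -e on the interpreter line is lost when the file is started as
# `sh <file>`; setting it here keeps a failed patch run from reaching the
# final `exit 0` and being reported as success.
set -e

# Print the usage line on stderr and stop with status 1.
usage() {
  echo >&2 "usage: $(basename "$0"): -patch|-unpatch [-d <srcdir>]"
  exit 1
}

srcdir=
if [ $# -eq 3 ] && [ "$2" = '-d' ] && [ -n "$3" ]; then
  srcdir=$3
elif [ $# -ne 1 ]; then
  # Covers a wrong argument count as well as an empty <srcdir>.
  usage
fi

case "$1" in
  -patch)
    reverse=
    ;;
  -unpatch)
    reverse=yes
    ;;
  *)
    usage
    ;;
esac

# ${var:+words} expands to nothing when var is empty; the quotes inside it keep
# a directory name containing blanks or glob characters as one single argument
# instead of letting it split into extra words on the patch command line.
# patch reads this very file on stdin and skips the shell text before the diff.
patch ${srcdir:+-d "$srcdir"} -f --no-backup-if-mismatch ${reverse:+-R} -p0 < "$0"

exit 0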
## 551936_CVE_2009_2625.dpatch by Daniel Leidert (dale) <daniel.leidert@wgdd.de>
## (which actually addresses CVE-2009-3720, not CVE-2009-2625)
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: A vulnerability allows remote attackers to cause a denial of service
## DP: (infinite loop and application hang) via malformed XML input.
## DP:
## DP: <URL:http://bugs.debian.org/551936>
## DP: <URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2625>
## DP: <URL:http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmltok_impl.c?r1=1.15&r2=1.13>
diff -urNad Modules/expat/xmltok_impl.c Modules/expat/xmltok_impl.c
--- Modules/expat/xmltok_impl.c 2006-11-26 18:34:46.000000000 +0100
+++ Modules/expat/xmltok_impl.c 2009-10-22 21:42:41.000000000 +0200
@@ -1744,7 +1744,7 @@
const char *end,
POSITION *pos)
{
- while (ptr != end) {
+ while (ptr < end) {
switch (BYTE_TYPE(enc, ptr)) {
#define LEAD_CASE(n) \
case BT_LEAD ## n: \
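Review bot: The new condition `while (ptr < end)` still lets `BYTE_TYPE(enc, ptr)` on the following line run when fewer bytes than one whole character remain before `end`, which may matter for encodings wider than one byte. If `MINBPC` is usable at this point in the file, `while (end - ptr >= MINBPC(enc)) {` would bound the read as well as the loop. The function body starts before the hunk and continues past it, so any further `ptr != end` comparison inside the switch (not visible here) deserves the same look. A comment such as `/* ptr can step past end on a truncated multi-byte sequence; compare with <, never != */` above the loop would keep the condition from being changed back later.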