[Python-checkins] r77665 - in python/branches/release25-maint: Misc/NEWS Modules/expat/xmlparse.c

matthias.klose python-checkins at python.org
Thu Jan 21 18:41:47 CET 2010


Author: matthias.klose
Date: Thu Jan 21 18:41:47 2010
New Revision: 77665

Log:
- Fix DoS via XML document with malformed UTF-8 sequences (CVE_2009_3560).


Modified:
   python/branches/release25-maint/Misc/NEWS
   python/branches/release25-maint/Modules/expat/xmlparse.c

Modified: python/branches/release25-maint/Misc/NEWS
==============================================================================
--- python/branches/release25-maint/Misc/NEWS	(original)
+++ python/branches/release25-maint/Misc/NEWS	Thu Jan 21 18:41:47 2010
@@ -4,6 +4,17 @@
 
 (editors: check NEWS.help for information about editing NEWS using ReST.)
 
+What's New in Python 2.5.5c2?
+=============================
+
+*Release date: xx-xxx-2010*
+
+Extension Modules
+-----------------
+
+- Fix DoS via XML document with malformed UTF-8 sequences (CVE_2009_3560).
+
+
 What's New in Python 2.5.5c1?
 =============================
 
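Review bot: the added NEWS entry writes the identifier as CVE_2009_3560 with underscores, while the standard form is CVE-2009-3560; using the hyphenated form keeps the entry findable when someone searches the changelog for the CVE. The entry also sits under "Extension Modules" without saying which component is affected. Since the fix in this commit is in Modules/expat/xmlparse.c, naming the bundled expat copy in the entry would let readers judge whether they are exposed.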

Modified: python/branches/release25-maint/Modules/expat/xmlparse.c
==============================================================================
--- python/branches/release25-maint/Modules/expat/xmlparse.c	(original)
+++ python/branches/release25-maint/Modules/expat/xmlparse.c	Thu Jan 21 18:41:47 2010
@@ -3682,6 +3682,9 @@
         return XML_ERROR_UNCLOSED_TOKEN;
       case XML_TOK_PARTIAL_CHAR:
         return XML_ERROR_PARTIAL_CHAR;
+      case -XML_TOK_PROLOG_S:
+        tok = -tok;
+        break;
       case XML_TOK_NONE:
 #ifdef XML_DTD
         /* for internal PE NOT referenced between declarations */
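Review bot: the new `case -XML_TOK_PROLOG_S:` arm has no comment explaining why a negated token can reach this switch or why restoring its sign with `tok = -tok;` and breaking out is the right handling, while the neighbouring arms all return an error. A one-line comment stating what the negative value signals and that processing continues after the switch with the positive token would make the intent reviewable. The commit's file list shows only Misc/NEWS and xmlparse.c, so no regression test accompanies the fix; adding a test that feeds the parser a document with a malformed UTF-8 sequence would guard against the DoS returning.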

