Commits

Matthias Klose  committed 782a40f

- Fix DoS via XML document with malformed UTF-8 sequences (CVE_2009_3560).

  • Participants
  • Parent commits c76d41e
  • Branches 2.5

Comments (0)

Files changed (2)

 
 (editors: check NEWS.help for information about editing NEWS using ReST.)
 
+What's New in Python 2.5.5c2?
+=============================
+
+*Release date: xx-xxx-2010*
+
+Extension Modules
+-----------------
+
+- Fix DoS via XML document with malformed UTF-8 sequences (CVE_2009_3560).
+
+
 What's New in Python 2.5.5c1?
 =============================
 

File Modules/expat/xmlparse.c

         return XML_ERROR_UNCLOSED_TOKEN;
       case XML_TOK_PARTIAL_CHAR:
         return XML_ERROR_PARTIAL_CHAR;
+      case -XML_TOK_PROLOG_S:
+        tok = -tok;
+        break;
       case XML_TOK_NONE:
 #ifdef XML_DTD
         /* for internal PE NOT referenced between declarations */