Anonymous avatar Anonymous committed 782a40f

- Fix DoS via XML document with malformed UTF-8 sequences (CVE_2009_3560).

Comments (0)

Files changed (2)

 
 (editors: check NEWS.help for information about editing NEWS using ReST.)
 
+What's New in Python 2.5.5c2?
+=============================
+
+*Release date: xx-xxx-2010*
+
+Extension Modules
+-----------------
+
+- Fix DoS via XML document with malformed UTF-8 sequences (CVE_2009_3560).
+
+
 What's New in Python 2.5.5c1?
 =============================
 

Modules/expat/xmlparse.c

         return XML_ERROR_UNCLOSED_TOKEN;
       case XML_TOK_PARTIAL_CHAR:
         return XML_ERROR_PARTIAL_CHAR;
+      case -XML_TOK_PROLOG_S:
+        tok = -tok;
+        break;
       case XML_TOK_NONE:
 #ifdef XML_DTD
         /* for internal PE NOT referenced between declarations */
Tip: Filter by directory path e.g. /media app.js to search for public/media/app.js.
Tip: Use camelCasing e.g. ProjME to search for ProjectModifiedEvent.java.
Tip: Filter by extension type e.g. /repo .js to search for all .js files in the /repo directory.
Tip: Separate your search with spaces e.g. /ssh pom.xml to search for src/ssh/pom.xml.
Tip: Use ↑ and ↓ arrow keys to navigate and return to view the file.
Tip: You can also navigate files with Ctrl+j (next) and Ctrl+k (previous) and view the file with Ctrl+o.
Tip: You can also navigate files with Alt+j (next) and Alt+k (previous) and view the file with Alt+o.