MDVSA-2009:219-1

Package name

kompozer

Date

2009-12-06

Advisory ID

MDVSA-2009:219-1

Affected versions

2008.0 i586 , 2008.0 x86_64

Problem description

A vulnerability was found in xmltok_impl.c (expat) that with
specially crafted XML could be exploited and lead to a denial of
service attack. Related to CVE-2009-2625 (CVE-2009-3720).

Additionally on 2009.0 a patch was added to prevent kompozer from
crashing (#44830), on 2009.1 a format string patch was added to make
it build with the -Wformat -Werror=format-security gcc optimization
switch added in 2009.1

This update fixes these issues.

Update:

Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers

Updated packages

2008.0 i586

 a3cbe341c540bccc0badddf8d8108904  2008.0/i586/kompozer-0.7.10-1.1mdv2008.0.i586.rpm
 b93522273b45f22f40ac9e6a2e68ca5b  2008.0/i586/kompozer-devel-0.7.10-1.1mdv2008.0.i586.rpm 
 09fca5488b64736059dc13372f61445f  2008.0/SRPMS/kompozer-0.7.10-1.1mdv2008.0.src.rpm

2008.0 x86_64

 a82499ea4a1616f4404f2b7d19e4b481  2008.0/x86_64/kompozer-0.7.10-1.1mdv2008.0.x86_64.rpm
 7e04756146312ccff170636b036bda0d  2008.0/x86_64/kompozer-devel-0.7.10-1.1mdv2008.0.x86_64.rpm 
 09fca5488b64736059dc13372f61445f  2008.0/SRPMS/kompozer-0.7.10-1.1mdv2008.0.src.rpm

References

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3720
• https://bugs.gentoo.org/show_bug.cgi?id=280615