MDVSA-2009:214

Nom du paquet

python-celementtree

Date

2009-08-23

Advisory ID

MDVSA-2009:214

Affected versions

2009.0 x86_64 , 2009.1 i586 , 2009.0 i586 , 2008.1 i586 , 2008.1 x86_64 , 2009.1 x86_64

Problem description

A vulnerability was found in xmltok_impl.c (expat) that with
specially crafted XML could be exploited and lead to a denial of
service attack. Related to CVE-2009-2625 (CVE-2009-3720).

This update fixes this vulnerability.

Updated packages

2009.0 x86_64

 17795f99905af34bad76a8d2fc2b02eb  2009.0/x86_64/python-celementtree-1.0.5-2.1mdv2009.0.x86_64.rpm 
 25cd8c8679882ffaabcd850dd639d364  2009.0/SRPMS/python-celementtree-1.0.5-2.1mdv2009.0.src.rpm

2009.1 i586

 a6c4cef36fe185a2ccf0de9e94cba322  2009.1/i586/python-celementtree-1.0.5-3.1mdv2009.1.i586.rpm 
 0759b2367936a7efc9a271e7abcb9399  2009.1/SRPMS/python-celementtree-1.0.5-3.1mdv2009.1.src.rpm

2009.0 i586

 c98400bef6a5fd43644a68defb0685d2  2009.0/i586/python-celementtree-1.0.5-2.1mdv2009.0.i586.rpm 
 25cd8c8679882ffaabcd850dd639d364  2009.0/SRPMS/python-celementtree-1.0.5-2.1mdv2009.0.src.rpm

2008.1 i586

 0de8d49fc12ae83ec3e9c57d9ea194c1  2008.1/i586/python-celementtree-1.0.5-2.1mdv2008.1.i586.rpm 
 d20e7fba969cdea88b0f81b17bf82c0a  2008.1/SRPMS/python-celementtree-1.0.5-2.1mdv2008.1.src.rpm

2008.1 x86_64

 9170e96b8163d79b976dc550ad36a2fe  2008.1/x86_64/python-celementtree-1.0.5-2.1mdv2008.1.x86_64.rpm 
 d20e7fba969cdea88b0f81b17bf82c0a  2008.1/SRPMS/python-celementtree-1.0.5-2.1mdv2008.1.src.rpm

2009.1 x86_64

 a19806476081fad1366d393f1b8bf7c4  2009.1/x86_64/python-celementtree-1.0.5-3.1mdv2009.1.x86_64.rpm 
 0759b2367936a7efc9a271e7abcb9399  2009.1/SRPMS/python-celementtree-1.0.5-3.1mdv2009.1.src.rpm

References

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3720
• https://bugs.gentoo.org/show_bug.cgi?id=280615