MDVSA-2009:219

Nom du paquet

kompozer

Date

2009-08-24

Advisory ID

MDVSA-2009:219

Affected versions

2009.0 x86_64 , 2009.0 i586 , 2009.1 i586 , 2009.1 x86_64

Problem description

A vulnerability was found in xmltok_impl.c (expat) that with
specially crafted XML could be exploited and lead to a denial of
service attack. Related to CVE-2009-2625 (CVE-2009-3720).

Additionally on 2009.0 a patch was added to prevent kompozer from
crashing (#44830), on 2009.1 a format string patch was added to make
it build with the -Wformat -Werror=format-security gcc optimization
switch added in 2009.1

This update fixes these issues.

Updated packages

2009.0 x86_64

 7f9547dc0af74f015ca28d57808f33d1  2009.0/x86_64/kompozer-0.7.10-3.2mdv2009.0.x86_64.rpm
 4767d2a9f5e400594edd33992b0cfa3f  2009.0/x86_64/kompozer-devel-0.7.10-3.2mdv2009.0.x86_64.rpm 
 70b15f82ad77d6fae7683bc7a76b73c6  2009.0/SRPMS/kompozer-0.7.10-3.2mdv2009.0.src.rpm

2009.0 i586

 40b57bb8609896b9f3414d394a2b80aa  2009.0/i586/kompozer-0.7.10-3.2mdv2009.0.i586.rpm
 2b3fad1cc94862007b46120467f1b32b  2009.0/i586/kompozer-devel-0.7.10-3.2mdv2009.0.i586.rpm 
 70b15f82ad77d6fae7683bc7a76b73c6  2009.0/SRPMS/kompozer-0.7.10-3.2mdv2009.0.src.rpm

2009.1 i586

 c6c2cc21a9332f629dd2406b1530a96a  2009.1/i586/kompozer-0.7.10-4.1mdv2009.1.i586.rpm
 b3a94128d547cfb70e357b5de7eecc9f  2009.1/i586/kompozer-devel-0.7.10-4.1mdv2009.1.i586.rpm 
 6f17fed53183c4b88697c94c3a15b544  2009.1/SRPMS/kompozer-0.7.10-4.1mdv2009.1.src.rpm

2009.1 x86_64

 9238d4b652f3bffbdfb353a362ba12b8  2009.1/x86_64/kompozer-0.7.10-4.1mdv2009.1.x86_64.rpm
 3dd34e69b846d39843dc759c9977a525  2009.1/x86_64/kompozer-devel-0.7.10-4.1mdv2009.1.x86_64.rpm 
 6f17fed53183c4b88697c94c3a15b544  2009.1/SRPMS/kompozer-0.7.10-4.1mdv2009.1.src.rpm

References

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3720
• https://bugs.gentoo.org/show_bug.cgi?id=280615