Skip to content

Commit 166f808

Browse files
doko42doko42
committed
- Fix DoS via XML document with malformed UTF-8 sequences (CVE_2009_3560).
1 parent 8cd94b4 commit 166f808

File tree

2 files changed

+14
-0
lines changed

2 files changed

+14
-0
lines changed

Misc/NEWS

Lines changed: 11 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -4,6 +4,17 @@ Python News
44

55
(editors: check NEWS.help for information about editing NEWS using ReST.)
66

7+
What's New in Python 2.5.5c2?
8+
=============================
9+
10+
*Release date: xx-xxx-2010*
11+
12+
Extension Modules
13+
-----------------
14+
15+
- Fix DoS via XML document with malformed UTF-8 sequences (CVE_2009_3560).
16+
17+
718
What's New in Python 2.5.5c1?
819
=============================
920

Modules/expat/xmlparse.c

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -3682,6 +3682,9 @@ doProlog(XML_Parser parser,
36823682
return XML_ERROR_UNCLOSED_TOKEN;
36833683
case XML_TOK_PARTIAL_CHAR:
36843684
return XML_ERROR_PARTIAL_CHAR;
3685+
case -XML_TOK_PROLOG_S:
3686+
tok = -tok;
3687+
break;
36853688
case XML_TOK_NONE:
36863689
#ifdef XML_DTD
36873690
/* for internal PE NOT referenced between declarations */

0 commit comments

Comments
 (0)