Skip to content

Commit b8ec8a4

Browse files
committed
- expat: Fix DoS via malformed XML (CVE-2009-3720).
1 parent 166f808 commit b8ec8a4

File tree

2 files changed

+3
-2
lines changed

2 files changed

+3
-2
lines changed

Misc/NEWS

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -12,7 +12,8 @@ What's New in Python 2.5.5c2?
1212
Extension Modules
1313
-----------------
1414

15-
- Fix DoS via XML document with malformed UTF-8 sequences (CVE_2009_3560).
15+
- expat: Fix DoS via XML document with malformed UTF-8 sequences (CVE_2009_3560).
16+
- expat: Fix DoS via malformed XML (CVE-2009-3720).
1617

1718

1819
What's New in Python 2.5.5c1?

Modules/expat/xmltok_impl.c

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1741,7 +1741,7 @@ PREFIX(updatePosition)(const ENCODING *enc,
17411741
const char *end,
17421742
POSITION *pos)
17431743
{
1744-
while (ptr != end) {
1744+
while (ptr < end) {
17451745
switch (BYTE_TYPE(enc, ptr)) {
17461746
#define LEAD_CASE(n) \
17471747
case BT_LEAD ## n: \

0 commit comments

Comments
 (0)