Opened 15 years ago

Closed 3 years ago

#116 closed defect (outdated)

Apply patch against crash in UTF-8 parser in Expat (CVE-2009-2625)

Reported by: rouault
Owned by: osgeo4w-dev@…
Priority: major
Component: Package
Version:
Keywords: expat


A security hole has been discovered in Expat 2.0.1 that makes it crash on invalid UTF-8 sequences. The fix is in upstream Expat( and has been backported to Linux distros :,

Change History (3)

comment:1 by tamas, 14 years ago

Is this the only location where this problem may arise? I see a couple of places similar to this in the affected file.

comment:2 by rouault, 14 years ago

I'll usually trust Linux distros and security researchers for places to patch. Actually, when looking at, I see there's also an extra patch for another expat CVE that should be applied. So the 2 are :

comment:3 by jef, 3 years ago

Resolution: outdated
Status: new → closed