Michael Gilbert wrote:
> The following CVE (Common Vulnerabilities & Exposures) ids were
> published for expat. I have determined that this package embeds a
> vulnerable copy of xmlparse.c and xmltok_impl.c. However, since this is
> a mass bug filing (due to so many packages embedding expat), I have
> not had time to determine whether the vulnerable code is actually
> present in any of the binary packages derived from this source package.
> Please determine whether this is the case. If the binary packages are
> not affected, please feel free to close the bug with a message
> containing the details of what you did to check.
According to the FAQ Swish prefers libxml for parsing if it's
linked, while the included Expat copy is mostly a fallback for systems
without libxml available.
Ludovic, can you confirm? If so, we can close the bug.
Cheers,
Moritz
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
