Bug 179836 - old expat code included
Summary: old expat code included
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Fedora
Classification: Fedora
Component: w3c-libwww
Version: 4
Hardware: i386
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Harald Hoyer
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2006-02-03 10:01 UTC by Patrice Dumas
Modified: 2007-11-30 22:11 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2007-01-22 13:56:00 UTC
Type: ---
Embargoed:



Description Patrice Dumas 2006-02-03 10:01:41 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; fr; rv:1.7.12) Gecko/20050922 Fedora/1.0.7-1.1.fc4 Firefox/1.0.7

Description of problem:
w3c-libwww uses an old version of the expat library, with code included in modules/expat. I don't know if there are security issues that are not fixed in that library, but if it is the case, system expat should be used.

I haven't investigated, but I have seen that on the web:
http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2002-12/0143.html

Version-Release number of selected component (if applicable):
w3c-libwww-5.4.0-15

How reproducible:
Always

Steps to Reproduce:
1. recompile w3c-libwww

Actual Results: uses outdated libxmltok and libxmlparse (and installs them...)

Additional info:

Comment 1 Christian Iseli 2007-01-22 11:48:33 UTC
This report targets the FC3 or FC4 products, which have now been EOL'd.

Could you please check that it still applies to a current Fedora release, and
either update the target product or close it?

Thanks.

Comment 2 Patrice Dumas 2007-01-22 13:56:00 UTC
This doesn't apply to the current Fedora product since w3c-libwww
is now in Extras and this issue was caught during the
review.

