From: http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/dev-libs/expat/files/expat-2.0.1-CVE-2009-3560-revised.patch?revision=1.1 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3560 http://bugs.gentoo.org/show_bug.cgi?id=303727 http://cvs.fedoraproject.org/viewvc/rpms/expat/devel/
--- a/lib/xmlparse.c
+++ b/lib/xmlparse.c
@@ -3703,6 +3703,9 @@ doProlog(XML_Parser parser,
 return XML_ERROR_UNCLOSED_TOKEN;
 case XML_TOK_PARTIAL_CHAR:
 return XML_ERROR_PARTIAL_CHAR;
+ case -XML_TOK_PROLOG_S:
+ tok = -tok;
+ break;
 case XML_TOK_NONE:
 #ifdef XML_DTD
 /* for internal PE NOT referenced between declarations */
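Review bot: The added `case -XML_TOK_PROLOG_S:` arm has no comment explaining why a negated token is flipped back to positive and let out of this error switch, and the patch header gives only URLs, so nothing in the code marks these three lines as the CVE-2009-3560 fix. I would put a comment above `tok = -tok;` along the lines of `/* negated XML_TOK_PROLOG_S: handle as an ordinary XML_TOK_PROLOG_S rather than as XML_TOK_NONE (CVE-2009-3560) */`, with the wording checked against the tokenizer's definition of negative tokens, which is not visible here. The `break` hands control to whatever follows the switch in doProlog, and both the switch head and that code lie outside the hunk, so it is worth confirming that the later code only uses the `s`..`next` range the tokenizer returned for this token. No test accompanies the change in this hunk; a regression test for the input that reaches this arm would stop the fix from being lost when the patch is rebased.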