I cannot say which version because some files were removed, would be nice if upstream made it possible to use a system library though.
I wouldn't be sad if someone killed cl-albert.
(In reply to comment #1) > I wouldn't be sad if someone killed cl-albert. > Someone needs to fix it since it (may?) contain a security-vuln copy of expat. The time is near...
Looks like everybody agrees on this one. Reassigning to treecleaners.
CVE-2009-2625 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2625): Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework. ^ This is really a expat vuln, wrt bug 280615 CVE-2009-3560 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3560): The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c, a different vulnerability than CVE-2009-2625 and CVE-2009-3720.
Removed from tree.
