Not so nice at all.
(In reply to comment #0)
> Not so nice at all.
Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in
JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20,
and in other products, allows remote attackers to cause a denial of
service (infinite loop and application hang) via malformed XML input,
as demonstrated by the Codenomicon XML fuzzing framework.
^ This is really a expat vuln, wrt bug 280615
The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1,
as used in the XML-Twig module for Perl, allows context-dependent
attackers to cause a denial of service (application crash) via an XML
document with malformed UTF-8 sequences that trigger a buffer
over-read, related to the doProlog function in lib/xmlparse.c, a
different vulnerability than CVE-2009-2625 and CVE-2009-3720.
Seemant, you are marked listed in metadata.xml as proxy-maintainer.
Lastrite, or fix?