CVE-2009-3560 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3560): The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c, a different vulnerability than CVE-2009-2625 and CVE-2009-3720.
+*expat-2.0.1-r3 (17 Feb 2010) + + 17 Feb 2010; Samuli Suominen <ssuominen@gentoo.org> + +expat-2.0.1-r3.ebuild, +files/expat-2.0.1-CVE-2009-3560-revised.patch: + Revision bump for security #303727 (CVE-2009-3560).
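Review bot: the ChangeLog entry adds files/expat-2.0.1-CVE-2009-3560-revised.patch without saying what "revised" refers to or where the patch comes from. A short note on its origin, and on how it differs from whatever it revises, would let someone auditing the fix for CVE-2009-3560 confirm that the shipped patch is the intended one.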
Adding arches
Stable for HPPA.
x86 stable
sparc stable
ppc64 done
alpha/arm/ia64/m68k/s390/sh/sparc stable
amd64 stable
Marked ppc stable.
GLSA together with bug 280615 I guess.
This issue was resolved and addressed in GLSA 201209-06 at http://security.gentoo.org/glsa/glsa-201209-06.xml by GLSA coordinator Sean Amoss (ackle).