http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3560 http://bugs.gentoo.org/show_bug.cgi?id=303727 http://cvs.fedoraproject.org/viewvc/rpms/expat/devel/ --- lib/xmlparse.c +++ lib/xmlparse.c @@ -3703,6 +3703,9 @@ doProlog(XML_Parser parser, return XML_ERROR_UNCLOSED_TOKEN; case XML_TOK_PARTIAL_CHAR: return XML_ERROR_PARTIAL_CHAR; + case -XML_TOK_PROLOG_S: + tok = -tok; + break; case XML_TOK_NONE: #ifdef XML_DTD /* for internal PE NOT referenced between declarations */