21 Aug
2013
21 Aug
'13
2:02 a.m.
On Wed, 2013-08-21 at 03:48 +0200, Krzysztof KosiĆski wrote:
use libxml2's SAX parser
This sounds like the right direction to take considering the bug and the pickle we're in between the vuln and the support for xml made in other applications.
I only have three questions:
1. What difference (if any) in compile and/or run-time requirements 2. How messy would a transition be from the dom parser to libxml2? 3. How long would it take to do the transition?
Martin,