Centerim also embeds expat in libjabber. expat does xml parsing. I have confirmed that the fix for cve-2009-3720 has not been applied to the centerim sources. There is another associated expat vulnerability that might be present also but I have not investigated. They are both denial of services.Not sure how these would be triggered.
- Bug#559783: centerim also embeds a vulnerable expat (at lea... Silvio Cesare
- Bug#559783: centerim also embeds a vulnerable expat (a... Boris Petersen
