From: http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/dev-libs/expat/files/expat-2.0.1-CVE-2009-3560-revised.patch?revision=1.1

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3560
http://bugs.gentoo.org/show_bug.cgi?id=303727
http://cvs.fedoraproject.org/viewvc/rpms/expat/devel/

--- a/lib/xmlparse.c
+++ b/lib/xmlparse.c
@@ -3703,6 +3703,9 @@ doProlog(XML_Parser parser,
         return XML_ERROR_UNCLOSED_TOKEN;
       case XML_TOK_PARTIAL_CHAR:
         return XML_ERROR_PARTIAL_CHAR;
+      case -XML_TOK_PROLOG_S:
+        tok = -tok;
+        break;
       case XML_TOK_NONE:
 #ifdef XML_DTD
         /* for internal PE NOT referenced between declarations */