xerces-c 3.1.1-5.1+deb8u4 source package in Debian
Changelog
xerces-c (3.1.1-5.1+deb8u4) jessie; urgency=medium

  * Fix CVE-2017-12627: Alberto Garcia, Francisco Oca and Suleman Ali of
    Offensive Research discovered that the Xerces-C XML parser mishandles
    certain kinds of external DTD references, resulting in dereference of a
    NULL pointer while processing the path to the DTD. The bug allows for a
    denial of service attack in applications that allow DTD processing and
    do not prevent external DTD usage, and could conceivably result in
    remote code execution.

 -- William Blough <email address hidden>  Thu, 26 Apr 2018 00:28:32 -0400
Upload details
- Uploaded by: Jay Berkenbilt
- Uploaded to: Jessie
- Original maintainer: Jay Berkenbilt
- Architectures: any all
- Section: libs
- Urgency: Medium Urgency
Publishing
Series | Published | Component | Section |
---|---|---|---|
Jessie | release | main | libs |
Downloads
File | Size | SHA-256 Checksum |
---|---|---|
xerces-c_3.1.1-5.1+deb8u4.dsc | 2.1 KiB | 1510d55907f784fdd91714951e1f039bcfce112942770798d0f9dd938ecc33e0 |
xerces-c_3.1.1.orig.tar.gz | 4.8 MiB | a42785f71e0b91d5fd273831c87410ce60a73ccfdd207de1b805d26d44968736 |
xerces-c_3.1.1-5.1+deb8u4.debian.tar.xz | 10.4 KiB | f95aef3e86133fb2ce8830543eb3f4273d01f531623ace54637427763e18d721 |
No changes file available.