xerces-c 3.1.1-5.1+deb8u4 source package in Debian
Changelog
xerces-c (3.1.1-5.1+deb8u4) jessie; urgency=medium
* Fix CVE-2017-12627: Alberto Garcia, Francisco Oca and Suleman Ali of
Offensive Research discovered that the Xerces-C XML parser mishandles
certain kinds of external DTD references, resulting in dereference of a
NULL pointer while processing the path to the DTD. The bug allows for a
denial of service attack in applications that allow DTD processing and do
not prevent external DTD usage, and could conceivably result in remote code
execution.
-- William Blough <email address hidden> Thu, 26 Apr 2018 00:28:32 -0400
Upload details
- Uploaded by:
- Jay Berkenbilt
- Uploaded to:
- Jessie
- Original maintainer:
- Jay Berkenbilt
- Architectures:
- any all
- Section:
- libs
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section | |
|---|---|---|---|---|
| Jessie | release | main | libs |
Builds
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| xerces-c_3.1.1-5.1+deb8u4.dsc | 2.1 KiB | 1510d55907f784fdd91714951e1f039bcfce112942770798d0f9dd938ecc33e0 |
| xerces-c_3.1.1.orig.tar.gz | 4.8 MiB | a42785f71e0b91d5fd273831c87410ce60a73ccfdd207de1b805d26d44968736 |
| xerces-c_3.1.1-5.1+deb8u4.debian.tar.xz | 10.4 KiB | f95aef3e86133fb2ce8830543eb3f4273d01f531623ace54637427763e18d721 |
No changes file available.
