xerces-c 3.1.4+debian-2+deb9u1 source package in Debian
Changelog
xerces-c (3.1.4+debian-2+deb9u1) stretch; urgency=medium
* Fix CVE-2017-12627: Alberto Garcia, Francisco Oca and Suleman Ali of
Offensive Research discovered that the Xerces-C XML parser mishandles
certain kinds of external DTD references, resulting in dereference of a
NULL pointer while processing the path to the DTD. The bug allows for a
denial of service attack in applications that allow DTD processing and do
not prevent external DTD usage, and could conceivably result in remote code
execution.
* Fix a regression that forced gcc to use SSE2, even on platforms that do not
support it (e.g., i386). This caused program crashes due to invalid CPU
instructions.
-- William Blough <email address hidden> Thu, 26 Apr 2018 00:35:59 -0400
Upload details
- Uploaded by:
- William Blough
- Uploaded to:
- Stretch
- Original maintainer:
- William Blough
- Architectures:
- any all
- Section:
- libs
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section | |
|---|---|---|---|---|
| Stretch | release | main | libs |
Builds
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| xerces-c_3.1.4+debian-2+deb9u1.dsc | 2.4 KiB | edf16ad346b60877cb876692c72c2fe7eafdf4e39df51d0aaeb3dd64204c0e5f |
| xerces-c_3.1.4+debian.orig.tar.gz | 2.3 MiB | 4ab6acc4000362322c5f1568cfad32fdb5c49e96a1eaaaefd20f9ca24a406593 |
| xerces-c_3.1.4+debian-2+deb9u1.debian.tar.xz | 23.4 KiB | 12d7666bf2d5dfa40fe4667a36f2e6a75c44e07de5a07c395d08b997b3fdc56a |
No changes file available.
