-
xerces-c (3.1.1-5.1+deb8u4) jessie; urgency=medium
* Fix CVE-2017-12627: Alberto Garcia, Francisco Oca and Suleman Ali of
Offensive Research discovered that the Xerces-C XML parser mishandles
certain kinds of external DTD references, resulting in dereference of a
NULL pointer while processing the path to the DTD. The bug allows for a
denial of service attack in applications that allow DTD processing and do
not prevent external DTD usage, and could conceivably result in remote code
execution.
-- William Blough <email address hidden> Thu, 26 Apr 2018 00:28:32 -0400
-
xerces-c (3.1.1-5.1+deb8u3) jessie-security; urgency=high
* Non-maintainer upload by the Security Team.
* CVE-2016-4463: Apache Xerces-C XML Parser Crashes on Malformed DTD
(Closes: #828990)
* Enable the ability to disable DTD processing through the use of an env
variable
* Add NEWS.Debian entry to document the XERCES_DISABLE_DTD variable
-- Salvatore Bonaccorso <email address hidden> Tue, 28 Jun 2016 16:53:20 +0200
-
xerces-c (3.1.1-5.1+deb8u2) jessie-security; urgency=high
* Non-maintainer upload by the Security Team.
* CVE-2016-2099: Use-after-free in heap on specially crafted XML input
(Closes: #823863)
-- Salvatore Bonaccorso <email address hidden> Sat, 14 May 2016 05:45:10 +0200
-
xerces-c (3.1.1-5.1+deb8u1) jessie-security; urgency=high
* Non-maintainer upload by the Security Team.
* CVE-2016-0729: Buffer overflows during processing and error reporting
-- Salvatore Bonaccorso <email address hidden> Wed, 24 Feb 2016 19:25:29 +0100
-
xerces-c (3.1.1-5.1) unstable; urgency=high
* Non-maintainer upload.
* Add CVE-2015-0252.patch patch.
CVE-2015-0252: Apache Xerces-C XML parser crashes on malformed input.
(Closes: #780827)
-- Salvatore Bonaccorso <email address hidden> Fri, 20 Mar 2015 19:40:31 +0100
-
xerces-c (3.1.1-5) unstable; urgency=medium
* Apply upstream patch for PATH_MAX to enable compilation on GNU Hurd.
(Closes: #636568)
-- Jay Berkenbilt <email address hidden> Wed, 08 Jan 2014 15:48:01 -0500
-
xerces-c (3.1.1-4) unstable; urgency=low
* Update standards version to 3.9.5. Opting for shlibs files because of
C++ interface. No changes required.
* Depend on dh-autoreconf. (Closes: #733024)
-- Jay Berkenbilt <email address hidden> Tue, 24 Dec 2013 20:59:37 -0500
-
xerces-c (3.1.1-3) unstable; urgency=low
* Update standards version to 3.9.3.
* Enable hardening flags
* Multiarch
-- Jay Berkenbilt <email address hidden> Fri, 29 Jun 2012 21:15:58 -0400