Change logs for xerces-c source package in Trusty

xerces-c (3.1.1-5.1+deb8u4build0.14.04.1) trusty-security; urgency=medium

  * fake sync from Debian

xerces-c (3.1.1-5.1+deb8u4) jessie; urgency=medium

  * Fix CVE-2017-12627: Alberto Garcia, Francisco Oca and Suleman Ali of
    Offensive Research discovered that the Xerces-C XML parser mishandles
    certain kinds of external DTD references, resulting in dereference of a
    NULL pointer while processing the path to the DTD. The bug allows for a
    denial of service attack in applications that allow DTD processing and do
    not prevent external DTD usage, and could conceivably result in remote code
    execution.

 -- Mike Salvatore <email address hidden>  Thu, 06 Dec 2018 11:09:03 -0500

xerces-c (3.1.1-5.1+deb8u3build0.14.04.1) trusty-security; urgency=medium

  * fake sync from Debian

xerces-c (3.1.1-5.1+deb8u3) jessie-security; urgency=high

  * Non-maintainer upload by the Security Team.
  * CVE-2016-4463: Apache Xerces-C XML Parser Crashes on Malformed DTD
    (Closes: #828990)
  * Enable the ability to disable DTD processing through the use of an env
    variable
  * Add NEWS.Debian entry to document the XERCES_DISABLE_DTD variable

 -- Tyler Hicks <email address hidden>  Fri, 01 Jul 2016 13:28:17 -0500

xerces-c (3.1.1-5.1+deb8u2build0.14.04.1) trusty-security; urgency=medium

  * fake sync from Debian

xerces-c (3.1.1-5.1+deb8u2) jessie-security; urgency=high

  * Non-maintainer upload by the Security Team.
  * CVE-2016-2099: Use-after-free in heap on specially crafted XML input
    (Closes: #823863)

 -- Steve Beattie <email address hidden>  Tue, 17 May 2016 11:50:03 -0700

xerces-c (3.1.1-5.1+deb8u1build0.14.04.1) trusty-security; urgency=medium

  * fake sync from Debian

xerces-c (3.1.1-5.1+deb8u1) jessie-security; urgency=high

  * Non-maintainer upload by the Security Team.
  * CVE-2016-0729: Buffer overlows during processing and error reporting

xerces-c (3.1.1-5.1) unstable; urgency=high

  * Non-maintainer upload.
  * Add CVE-2015-0252.patch patch.
    CVE-2015-0252: Apache Xerces-C XML parser crashes on malformed input.
    (Closes: #780827)

 -- Tyler Hicks <email address hidden>  Mon, 29 Feb 2016 09:49:19 -0600

xerces-c (3.1.1-5.1~build0.14.04.1) trusty-security; urgency=medium

  * fake sync from Debian

xerces-c (3.1.1-5.1) unstable; urgency=high

  * Non-maintainer upload.
  * Add CVE-2015-0252.patch patch.
    CVE-2015-0252: Apache Xerces-C XML parser crashes on malformed input.
    (Closes: #780827)

 -- Tyler Hicks <email address hidden>  Fri, 15 May 2015 18:18:02 -0500

xerces-c (3.1.1-5) unstable; urgency=medium


  * Apply upstream patch for PATH_MAX to enable compilation on GNU hurd.
    (Closes: #636568)

 -- Jay Berkenbilt <email address hidden>  Wed, 08 Jan 2014 15:48:01 -0500

xerces-c (3.1.1-4) unstable; urgency=low


  * Update standards version to 3.9.5.  Opting for shlibs files because of
    C++ interface.  No changes required.
  * Depend on dh-autoreconf. (Closes: #733024)

 -- Jay Berkenbilt <email address hidden>  Tue, 24 Dec 2013 20:59:37 -0500

xerces-c (3.1.1-3ubuntu1) trusty; urgency=medium

  * Use dh-autoreconf to update libtool.m4 for new ports.
 -- Colin Watson <email address hidden>   Tue, 24 Dec 2013 03:03:15 +0000

xerces-c (3.1.1-3) unstable; urgency=low


  * Update standards version to 3.9.3.
  * Enable hardening flags
  * Multiarch

 -- Jay Berkenbilt <email address hidden>  Fri, 29 Jun 2012 21:15:58 -0400