UbuntuUpdates.org

Package "libxerces-c-dev"

Name: libxerces-c-dev

Description:

validating XML parser library for C++ (development files)

Latest version: 3.2.2+debian-1ubuntu0.2
Release: focal (20.04)
Level: updates
Repository: universe
Head package: xerces-c
Homepage: https://xerces.apache.org/xerces-c/

Links


Download "libxerces-c-dev"


Other versions of "libxerces-c-dev" in Focal

Repository Area Version
base universe 3.2.2+debian-1build3
security universe 3.2.2+debian-1ubuntu0.2

Changelog

Version: 3.2.2+debian-1ubuntu0.2 2024-01-18 21:06:54 UTC

  xerces-c (3.2.2+debian-1ubuntu0.2) focal-security; urgency=medium

  * SECURITY UPDATE: integer overflows in DFAContentModel class
    - debian/patches/CVE-2023-37536.patch: add limit checks to DFAContentModel
      class methods and resolve issue XERCESC-2241.
    - CVE-2023-37536

 -- Camila Camargo de Matos <email address hidden> Tue, 16 Jan 2024 13:39:29 -0300

Source diff to previous version
CVE-2023-37536 An integer overflow in xerces-c++ 3.2.3 in BigFix Platform allows remote attackers to cause out-of-bound access via HTTP request.

Version: 3.2.2+debian-1ubuntu0.1 2024-01-16 15:08:49 UTC

  xerces-c (3.2.2+debian-1ubuntu0.1) focal-security; urgency=medium

  * SECURITY UPDATE: use-after-free on external DTD scan
    - debian/patches/CVE-2018-1311.patch: resolve issue XERCESC-2188.
    - CVE-2018-1311
  * debian/patches/correct-test-name.patch: fix test name argument in
    ThreadTest8 script.

 -- Camila Camargo de Matos <email address hidden> Mon, 08 Jan 2024 15:36:44 -0300

CVE-2018-1311 The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw has not been



About   -   Send Feedback to @ubuntu_updates