UbuntuUpdates.org

Package "xerces-c"

Name: xerces-c

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • validating XML parser library for C++ (development files)
  • validating XML parser library for C++ (documentation)
  • validating XML parser library for C++ (compiled samples)
  • validating XML parser library for C++

Latest version: 3.2.2+debian-1ubuntu0.2
Release: focal (20.04)
Level: updates
Repository: universe

Links



Other versions of "xerces-c" in Focal

Repository Area Version
base universe 3.2.2+debian-1build3
security universe 3.2.2+debian-1ubuntu0.2

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 3.2.2+debian-1ubuntu0.2 2024-01-18 21:06:54 UTC

  xerces-c (3.2.2+debian-1ubuntu0.2) focal-security; urgency=medium

  * SECURITY UPDATE: integer overflows in DFAContentModel class
    - debian/patches/CVE-2023-37536.patch: add limit checks to DFAContentModel
      class methods and resolve issue XERCESC-2241.
    - CVE-2023-37536

 -- Camila Camargo de Matos <email address hidden> Tue, 16 Jan 2024 13:39:29 -0300

Source diff to previous version
CVE-2023-37536 An integer overflow in xerces-c++ 3.2.3 in BigFix Platform allows remote attackers to cause out-of-bound access via HTTP request.

Version: 3.2.2+debian-1ubuntu0.1 2024-01-16 15:08:49 UTC

  xerces-c (3.2.2+debian-1ubuntu0.1) focal-security; urgency=medium

  * SECURITY UPDATE: use-after-free on external DTD scan
    - debian/patches/CVE-2018-1311.patch: resolve issue XERCESC-2188.
    - CVE-2018-1311
  * debian/patches/correct-test-name.patch: fix test name argument in
    ThreadTest8 script.

 -- Camila Camargo de Matos <email address hidden> Mon, 08 Jan 2024 15:36:44 -0300

CVE-2018-1311 The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw has not been



About   -   Send Feedback to @ubuntu_updates