Package "xerces-c"
Name: xerces-c
Description:
This package is just an umbrella for a group of other packages,
it has no description. Description samples from packages in group:
- validating XML parser library for C++ (development files)
- validating XML parser library for C++ (documentation)
- validating XML parser library for C++ (compiled samples)
- validating XML parser library for C++
Latest version: 3.2.3+debian-3ubuntu0.1
Release: jammy (22.04)
Level: security
Repository: universe
Changelog
xerces-c (3.2.3+debian-3ubuntu0.1) jammy-security; urgency=medium

  * SECURITY UPDATE: use-after-free on external DTD scan
    - debian/patches/CVE-2018-1311-mitigation.patch: remove CVE-2018-1311 fix
      that also introduces memory leak.
    - debian/patches/series: update series file to remove
      CVE-2018-1311-mitigation.patch from the patch list.
    - debian/patches/CVE-2018-1311.patch: resolve issue XERCESC-2188.
    - CVE-2018-1311
  * SECURITY UPDATE: integer overflows in DFAContentModel class
    - debian/patches/CVE-2023-37536.patch: add limit checks to DFAContentModel
      class methods and resolve issue XERCESC-2241.
    - CVE-2023-37536

 -- Camila Camargo de Matos <email address hidden>  Wed, 17 Jan 2024 07:41:34 -0300

CVE-2018-1311
The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw has not been

CVE-2023-37536
An integer overflow in xerces-c++ 3.2.3 in BigFix Platform allows remote attackers to cause out-of-bound access via HTTP request.