UbuntuUpdates.org

Package "xerces-c"

Name: xerces-c

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • validating XML parser library for C++ (development files)
  • validating XML parser library for C++ (documentation)
  • validating XML parser library for C++ (compiled samples)
  • validating XML parser library for C++
Latest version: 3.2.3+debian-3ubuntu0.1
Release: jammy (22.04)
Level: updates
Repository: universe

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Other versions of "xerces-c" in Jammy

Repository Area Version
base universe 3.2.3+debian-3build1
security universe 3.2.3+debian-3ubuntu0.1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 3.2.3+debian-3ubuntu0.1 2024-01-18 21:06:57 UTC

  xerces-c (3.2.3+debian-3ubuntu0.1) jammy-security; urgency=medium

  * SECURITY UPDATE: use-after-free on external DTD scan
    - debian/patches/CVE-2018-1311-mitigation.patch: remove CVE-2018-1311 fix
      that also introduces memory leak.
    - debian/patches/series: update series file to remove
      CVE-2018-1311-mitigation.patch from the patch list.
    - debian/patches/CVE-2018-1311.patch: resolve issue XERCESC-2188.
    - CVE-2018-1311
  * SECURITY UPDATE: integer overflows in DFAContentModel class
    - debian/patches/CVE-2023-37536.patch: add limit checks to DFAContentModel
      class methods and resolve issue XERCESC-2241.
    - CVE-2023-37536

 -- Camila Camargo de Matos <email address hidden> Wed, 17 Jan 2024 07:41:34 -0300
CVE-2018-1311 The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw has not been
CVE-2023-37536 An integer overflow in xerces-c++ 3.2.3 in BigFix Platform allows remote attackers to cause out-of-bound access via HTTP request.


About   -   Send Feedback to @ubuntu_updates