Univention Bugzilla – Bug 39422
expat: Multiple security vulnerabilities (ES 3.2)
Last modified: 2019-04-11 19:23:22 CEST
This security issue is fixed in upstream Debian package version 2.0.1-7+squeeze2:
* Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0 allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted XML data (CVE-2015-1283)

+++ This bug was initially created as a clone of Bug #39421 +++
Two additional issues have been fixed in the Jessie package version:
* unanticipated internal calls to srand (CVE-2012-6702)
* use of too little entropy (CVE-2016-5300)
This issue has been filed against UCS 3. UCS 3 is out of the normal maintenance and many UCS components have vastly changed in UCS 4. If this issue is still valid, please change the version to a newer UCS version; otherwise this issue will be automatically closed in the next weeks.