Univention Bugzilla – Bug 52530
xerces-c: Multiple issues (4.4)
Last modified: 2021-01-06 16:53:47 CET
New Debian xerces-c 3.1.4+debian-2+deb9u2 fixes:

This update addresses the following issue:
* CVE-2018-1311 mitigation: fix use-after-free vulnerability when processing external DTD, at the expense of a memory leak. Users may mitigate both by setting the XERCES_DISABLE_DTD environment variable.
--- mirror/ftp/4.3/unmaintained/4.3-2/source/xerces-c_3.1.4+debian-2+deb9u1.dsc +++ apt/ucs_4.4-0-errata4.4-7/source/xerces-c_3.1.4+debian-2+deb9u2.dsc @@ -1,3 +1,10 @@ +3.1.4+debian-2+deb9u2 [Fri, 11 Dec 2020 18:16:07 +0100] Sylvain Beucler <beuc@debian.org>: + + * Non-maintainer upload. + * CVE-2018-1311 mitigation: fix use-after-free vulnerability when + processing external DTD, at the expense of a memory leak. Users may + mitigate both by setting the XERCES_DISABLE_DTD environment variable. + 3.1.4+debian-2+deb9u1 [Thu, 26 Apr 2018 00:35:59 -0400] William Blough <devel@blough.us>: * Fix CVE-2017-12627: Alberto Garcia, Francisco Oca and Suleman Ali of <http://10.200.17.11/4.4-7/#8017158011096688891>
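Review bot: The added 3.1.4+debian-2+deb9u2 entry tells users to mitigate by "setting the XERCES_DISABLE_DTD environment variable" without saying which value is expected or what happens to documents that depend on a DTD once it is set; the erratum text derived from this entry should state both. The same entry describes the fix as trading the use-after-free for a memory leak but gives no indication of how the leak grows, which is the detail an operator of a long-running service needs in order to choose between accepting the leak and setting the variable.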
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.4-7] a9c8f25ea9 Bug #52530: xerces-c_3.1.4+debian-2+deb9u2
 doc/errata/staging/xerces-c.yaml | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
<https://errata.software-univention.de/#/?erratum=4.4x862>