xerces-c 3.1.1-5.1+deb8u4build0.14.04.1 source package in Ubuntu
Changelog
xerces-c (3.1.1-5.1+deb8u4build0.14.04.1) trusty-security; urgency=medium
* fake sync from Debian
xerces-c (3.1.1-5.1+deb8u4) jessie; urgency=medium
* Fix CVE-2017-12627: Alberto Garcia, Francisco Oca and Suleman Ali of
Offensive Research discovered that the Xerces-C XML parser mishandles
certain kinds of external DTD references, resulting in dereference of a
NULL pointer while processing the path to the DTD. The bug allows for a
denial of service attack in applications that allow DTD processing and do
not prevent external DTD usage, and could conceivably result in remote code
execution.
-- Mike Salvatore <email address hidden> Thu, 06 Dec 2018 11:09:03 -0500
Upload details
- Uploaded by:
- Mike Salvatore
- Uploaded to:
- Trusty
- Original maintainer:
- Jay Berkenbilt
- Architectures:
- any all
- Section:
- libs
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section | |
|---|---|---|---|---|
| Trusty | updates | universe | libs | |
| Trusty | security | universe | libs |
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| xerces-c_3.1.1.orig.tar.gz | 4.8 MiB | a42785f71e0b91d5fd273831c87410ce60a73ccfdd207de1b805d26d44968736 |
| xerces-c_3.1.1-5.1+deb8u4build0.14.04.1.debian.tar.gz | 11.6 KiB | e8d198107b654ba460610977209044c39af3129ea6a8060a2443db16d5f8c1cb |
| xerces-c_3.1.1-5.1+deb8u4build0.14.04.1.dsc | 2.0 KiB | 23571207053305671eaf3b1c998cb7cd1e671992d5bd1dc89da9a7ce5b5cb07d |
Available diffs
Binary packages built by this source
- libxerces-c-dev: validating XML parser library for C++ (development files)
Xerces-C++ is a validating XML parser written in a portable subset of
C++. This package contains the development files for Xerces. It also
contains sources to various sample files. The libxerces-c-samples
package contains compiled versions of the samples.
- libxerces-c-doc: validating XML parser library for C++ (documentation)
Xerces-C++ is a validating XML parser written in a portable subset of
C++. This package contains the documentation files.
- libxerces-c-samples: validating XML parser library for C++ (compiled samples)
Xerces-C++ is a validating XML parser written in a portable subset of
C++. This package contains compiled versions of the samples. You
probably don't want this package, but it can be useful if you are
trying to reproduce a problem before reporting a bug that will be
easy for the xerces developers to reproduce.
- libxerces-c-samples-dbgsym: debug symbols for package libxerces-c-samples
Xerces-C++ is a validating XML parser written in a portable subset of
C++. This package contains compiled versions of the samples. You
probably don't want this package, but it can be useful if you are
trying to reproduce a problem before reporting a bug that will be
easy for the xerces developers to reproduce.
- libxerces-c3.1: validating XML parser library for C++
Xerces-C++ is a validating XML parser written in a portable subset of
C++. Xerces-C++ makes it easy to give your application the ability
to read and write XML data. A shared library is provided for parsing,
generating, manipulating, and validating XML documents. Xerces-C++ is
faithful to the XML 1.0 recommendation and associated standards (DOM
1.0, DOM 2.0, SAX 1.0, SAX 2.0, Namespaces, XML Schema Part 1 and
Part 2). It also provides experimental implementations of XML 1.1
and DOM Level 3.0. The parser provides high performance, modularity,
and scalability.
- libxerces-c3.1-dbgsym: debug symbols for package libxerces-c3.1
Xerces-C++ is a validating XML parser written in a portable subset of
C++. Xerces-C++ makes it easy to give your application the ability
to read and write XML data. A shared library is provided for parsing,
generating, manipulating, and validating XML documents. Xerces-C++ is
faithful to the XML 1.0 recommendation and associated standards (DOM
1.0, DOM 2.0, SAX 1.0, SAX 2.0, Namespaces, XML Schema Part 1 and
Part 2). It also provides experimental implementations of XML 1.1
and DOM Level 3.0. The parser provides high performance, modularity,
and scalability.
