[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1aYyJk-0005ce-Fl@master.debian.org>
Date: Thu, 25 Feb 2016 15:59:04 +0000
From: Salvatore Bonaccorso <carnil@...ian.org>
To: bugtraq@...urityfocus.com
Subject: [SECURITY] [DSA 3493-1] xerces-c security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-3493-1 security@...ian.org
https://www.debian.org/security/ Salvatore Bonaccorso
February 25, 2016 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : xerces-c
CVE ID : CVE-2016-0729
Debian Bug : 815907
Gustavo Grieco discovered that xerces-c, a validating XML parser library
for C++, mishandles certain kinds of malformed input documents,
resulting in buffer overflows during processing and error reporting.
These flaws could lead to a denial of service in applications using the
xerces-c library, or potentially, to the execution of arbitrary code.
For the oldstable distribution (wheezy), this problem has been fixed
in version 3.1.1-3+deb7u2.
For the stable distribution (jessie), this problem has been fixed in
version 3.1.1-5.1+deb8u1.
We recommend that you upgrade your xerces-c packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@...ts.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCgAGBQJWzySQAAoJEAVMuPMTQ89EcvMP/3rigLRWRzgO3Lxyxvfpj+Gi
Xy5kq4DwlPrl7MR4C5lV2Wi9pTzk4SOnTbjDe9vl5w8RF+RPirYD1p5miRAZcRn/
5dHY+q7R3RLEPbctdeM2pP2XE9VwDzhZKpZP/TewbL5gxJyjtpCZBhvWOxgkJTB2
LnZdG/LAqIswU3fbWui0QTn4I1nB9M94QYsf4tv7908wT1fZVn4LSMSsic0Uwa/G
y7ski8Kot2IQYCYUMDtddtRSm3s45bS4Z5NM6KMrga63XjpxUzl/tZ2wfn4jB0oD
za/PYLIHr0tW2xBqzmtuK6c+DwrDqNhn1GlBYUmphq0iPCR26nz3j/zjibmebhMd
uoQflO8zNaw2NixyvfjSBAgpeJGYAHD7QLCyBqs6lvdt5hyFvamkRkpBejASIRWk
hhwJ0uF/BhgjMylwl79DvMuUD/+YuMzAhcuvJ0iN4+upqAhMqlbq/f76eianvOEZ
NiWj+N1UT0BMG1oVnswl5PziBPXf9ux31V5OUZn8UUKysQBSpWGKYmaIIVSbzj6y
YRkulxEKlZIICc+i6rVY/W7/c0MnQ56/2t0SYoKHYVAlX2pqMn1rBDqCfKHMba3p
BnvPF8VO9Kpykv/xkXYkaF+V2RrAN22Ju6c5T67SS7raIaL7SJ/FuNuZ4s9IGhIQ
exUPEo22+MI9Uw/NVTv4
=X3xz
-----END PGP SIGNATURE-----
Powered by blists - more mailing lists