UbuntuUpdates.org

Package "libxerces-c-doc"

Name: libxerces-c-doc

Description:

validating XML parser library for C++ (documentation)

Latest version: 3.2.3+debian-3ubuntu0.1
Release: jammy (22.04)
Level: security
Repository: universe
Head package: xerces-c
Homepage: https://xerces.apache.org/xerces-c/

Links


Download "libxerces-c-doc"


Other versions of "libxerces-c-doc" in Jammy

Repository Area Version
base universe 3.2.3+debian-3build1
updates universe 3.2.3+debian-3ubuntu0.1

Changelog

Version: 3.2.3+debian-3ubuntu0.1 2024-01-18 20:06:56 UTC

  xerces-c (3.2.3+debian-3ubuntu0.1) jammy-security; urgency=medium

  * SECURITY UPDATE: use-after-free on external DTD scan
    - debian/patches/CVE-2018-1311-mitigation.patch: remove CVE-2018-1311 fix
      that also introduces memory leak.
    - debian/patches/series: update series file to remove
      CVE-2018-1311-mitigation.patch from the patch list.
    - debian/patches/CVE-2018-1311.patch: resolve issue XERCESC-2188.
    - CVE-2018-1311
  * SECURITY UPDATE: integer overflows in DFAContentModel class
    - debian/patches/CVE-2023-37536.patch: add limit checks to DFAContentModel
      class methods and resolve issue XERCESC-2241.
    - CVE-2023-37536

 -- Camila Camargo de Matos <email address hidden> Wed, 17 Jan 2024 07:41:34 -0300

CVE-2018-1311 The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw has not been
CVE-2023-37536 An integer overflow in xerces-c++ 3.2.3 in BigFix Platform allows remote attackers to cause out-of-bound access via HTTP request.



About   -   Send Feedback to @ubuntu_updates