UbuntuUpdates.org

Package "libxerces-c-doc"

Name: libxerces-c-doc

Description:

validating XML parser library for C++ (documentation)
Latest version: 3.2.3+debian-3ubuntu0.1
Release: jammy (22.04)
Level: updates
Repository: universe
Head package: xerces-c
Homepage: https://xerces.apache.org/xerces-c/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "libxerces-c-doc"

All arch deb package
APT INSTALL

Other versions of "libxerces-c-doc" in Jammy

Repository Area Version
base universe 3.2.3+debian-3build1
security universe 3.2.3+debian-3ubuntu0.1

Changelog

Version: 3.2.3+debian-3ubuntu0.1 2024-01-18 21:06:57 UTC

  xerces-c (3.2.3+debian-3ubuntu0.1) jammy-security; urgency=medium

  * SECURITY UPDATE: use-after-free on external DTD scan
    - debian/patches/CVE-2018-1311-mitigation.patch: remove CVE-2018-1311 fix
      that also introduces memory leak.
    - debian/patches/series: update series file to remove
      CVE-2018-1311-mitigation.patch from the patch list.
    - debian/patches/CVE-2018-1311.patch: resolve issue XERCESC-2188.
    - CVE-2018-1311
  * SECURITY UPDATE: integer overflows in DFAContentModel class
    - debian/patches/CVE-2023-37536.patch: add limit checks to DFAContentModel
      class methods and resolve issue XERCESC-2241.
    - CVE-2023-37536

 -- Camila Camargo de Matos <email address hidden> Wed, 17 Jan 2024 07:41:34 -0300
CVE-2018-1311 The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw has not been
CVE-2023-37536 An integer overflow in xerces-c++ 3.2.3 in BigFix Platform allows remote attackers to cause out-of-bound access via HTTP request.


About   -   Send Feedback to @ubuntu_updates