-
xerces-c (3.2.3+debian-3ubuntu0.1) jammy-security; urgency=medium
* SECURITY UPDATE: use-after-free on external DTD scan
- debian/patches/CVE-2018-1311-mitigation.patch: remove CVE-2018-1311 fix
that also introduces memory leak.
- debian/patches/series: update series file to remove
CVE-2018-1311-mitigation.patch from the patch list.
- debian/patches/CVE-2018-1311.patch: resolve issue XERCESC-2188.
- CVE-2018-1311
* SECURITY UPDATE: integer overflows in DFAContentModel class
- debian/patches/CVE-2023-37536.patch: add limit checks to DFAContentModel
class methods and resolve issue XERCESC-2241.
- CVE-2023-37536
-- Camila Camargo de Matos <email address hidden> Wed, 17 Jan 2024 07:41:34 -0300
-
xerces-c (3.2.3+debian-3build1) jammy; urgency=medium
* No-change rebuild for icu soname change.
-- Matthias Klose <email address hidden> Wed, 09 Feb 2022 05:42:31 +0100
-
xerces-c (3.2.3+debian-3) unstable; urgency=medium
* Fix MemHandlerTest1 on 32-bit systems to compensate for CVE-2018-1311 fix
-- William Blough <email address hidden> Mon, 14 Dec 2020 11:43:13 -0500
