[Secure-testing-team] Bug#828990: xerces-c: CVE-2016-4463
Salvatore Bonaccorso
carnil at debian.org
Wed Jun 29 14:43:56 UTC 2016
Source: xerces-c
Version: 3.1.1-3
Severity: important
Tags: security upstream patch fixed-upstream
Hi,
the following vulnerability was published for xerces-c.
CVE-2016-4463[0]:
Apache Xerces-C XML Parser Crashes on Malformed DTD
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2016-4463
[1] https://xerces.apache.org/xerces-c/secadv/CVE-2016-4463.txt
Note that I have already prepared the corresponding debdiffs for
jessie-security (and since was basically the same as well for
wheezy lts).
Regards,
Salvatore
More information about the Secure-testing-team
mailing list