Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-lts-changes@lists.debian.org> , <dispatch@tracker.debian.org>
Subject: Accepted xerces-c 3.2.2+debian-1+deb10u2 (source) into oldoldstable
Date: Sun, 31 Dec 2023 10:50:19 +0000
Signed by: Guilhem Moulin <guilhem@debian.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 28 Dec 2023 22:12:50 +0100
Source: xerces-c
Architecture: source
Version: 3.2.2+debian-1+deb10u2
Distribution: buster-security
Urgency: high
Maintainer: William Blough <bblough@debian.org>
Changed-By: Guilhem Moulin <guilhem@debian.org>
Closes: 947431
Changes:
 xerces-c (3.2.2+debian-1+deb10u2) buster-security; urgency=high
 .
   * Non-maintainer upload by the LTS Security Team.
   * Fix CVE-2018-1311: Use-after-free on external DTD scan.  This replaces
     RedHat's mitigation patch (which had a memory leak). (Closes: #947431)
   * Fix CVE-2023-37536: Integer overflows in DFAContentModel class.
   * Upstream tests: Cherry-pick upstream patch to fix NetAccessorTest to exit
     with non-zero status in case of error.
Checksums-Sha1:
 9e8cc686d1746a9c15666d6313263fa36c1dae0a 2289 xerces-c_3.2.2+debian-1+deb10u2.dsc
 6c25f097d4e45a731b61ba5745879dcc84d296e9 28728 xerces-c_3.2.2+debian-1+deb10u2.debian.tar.xz
 f52018972f7a7151a0b203fe1b6788181b9f599b 11079 xerces-c_3.2.2+debian-1+deb10u2_amd64.buildinfo
Checksums-Sha256:
 b93e3dd39c14eeddb34c6b2fdc1a6a8830f7f4f05f17a3ca96404afc91d24a11 2289 xerces-c_3.2.2+debian-1+deb10u2.dsc
 716b87799c1796d28d499fc842b05155763e0d27e7a3e68b803cbb684db02f1f 28728 xerces-c_3.2.2+debian-1+deb10u2.debian.tar.xz
 739d3e9e68133172fad0ef013ee70b73b63a37ec4feea72fe0e709727ec2515d 11079 xerces-c_3.2.2+debian-1+deb10u2_amd64.buildinfo
Files:
 6e753442c840a03f2e6152531b551c90 2289 libs optional xerces-c_3.2.2+debian-1+deb10u2.dsc
 138881bb7bdb8ae13b65b434a347d6c2 28728 libs optional xerces-c_3.2.2+debian-1+deb10u2.debian.tar.xz
 1472787ab198533e1a870ed3125758d3 11079 libs optional xerces-c_3.2.2+debian-1+deb10u2_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEERpy6p3b9sfzUdbME05pJnDwhpVIFAmWN5asACgkQ05pJnDwh
pVJjKw/7B7LDok8xXSZPZdvHZKmD+z/2+IWDoNDRACyWZPLa7QH6u08yuh2zaIm9
JLCHaDxLVE9CgkC/liwJcinGXln/mvvmX2h6KfNTV6DritdCQS1xJaTrHPNjDKlK
64DMIKGI7jXVdnq41mY7JxINL4RJPWeKSMzoc4fV+0DXqxvvm+LfTxIQ3xYEeWVn
HYWlsMoXPjvEs7sv025lmIqqCbDKr7yFbdSDBStYUuRYlDJLpi+LMNNlRc910JZB
ynQWkbYlr5j0XEmlgPndeUtDWHhw9TDiG/UZH1NxJPwxWdP9tfGvvdQidXB95zg2
N3+xOTMMUr23n9/UgfxOtbSWszoZ6lEjOsVj2tShJS4owSRw+9dsOfb3khyBTkr7
iGsed4XfzMIKR6fzV3HjcoT7kM+bX5b418JbRZTNMyOTp1sNeUEyDTjwit6R9lH6
s2LIad39mN+5UKh9Gu5dSsFPOG9nT3a2JInUN7rGGvxrfl5/vZRCURbnu9W3W8un
4N4V4iVwYI+cUxO9h6/7LxXfhhxWJmo12DvXOO94ZFRA0TmVKGZ7J83UxiiyUwXi
paH45sLqAWBtaLntrNHf9PvTaQze3CUFEuiTlZx2L6Xfu2ILtgTqDvuHwwVt7BcY
9ry0i0xJRWgQCxUCr35RBhdnI1RE+sMMtCsrzeMRRTpWgLwMr/U=
=9Wz9
-----END PGP SIGNATURE-----

News for package xerces-c