-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 31 Dec 2023 12:43:25 +0100 Source: xerces-c Architecture: source Version: 3.2.3+debian-3+deb11u1 Distribution: bullseye Urgency: high Maintainer: William Blough <bblough@debian.org> Changed-By: Guilhem Moulin <guilhem@debian.org> Closes: 947431 Changes: xerces-c (3.2.3+debian-3+deb11u1) bullseye; urgency=high . * Non-maintainer upload. * Fix CVE-2018-1311: Use-after-free on external DTD scan. This replaces RedHat's mitigation patch (which introduced a memory leak). Closes: #947431 * Fix CVE-2023-37536: Integer overflows in DFAContentModel class. * Upstream tests: Cherry-pick upstream patch to fix NetAccessorTest to exit with non-zero status in case of error. Checksums-Sha1: b0aa51b2a9e0c6ee604c67a7026c5c749deb5743 2366 xerces-c_3.2.3+debian-3+deb11u1.dsc 71f192e4193163961e762aeb58870cc1a8b5b312 29192 xerces-c_3.2.3+debian-3+deb11u1.debian.tar.xz 9145ec88b550978670d3669e119a759992912db7 11413 xerces-c_3.2.3+debian-3+deb11u1_amd64.buildinfo Checksums-Sha256: 46f3ead08cc6463b5184501f44f667c19423dd8d1b8e2b4b82f9bc9adc5a4904 2366 xerces-c_3.2.3+debian-3+deb11u1.dsc 245a6628d1b3314f2d33f4b30b1d21590fa6a7ade08e5ca8963e10b310c4c6ec 29192 xerces-c_3.2.3+debian-3+deb11u1.debian.tar.xz 14e206af07caa5f50d51c04e1e18505ebef28f4bc6cc2dcb453c7b99559684b5 11413 xerces-c_3.2.3+debian-3+deb11u1_amd64.buildinfo Files: 662d2a76cb7e144d0168fcd0319e14cd 2366 libs optional xerces-c_3.2.3+debian-3+deb11u1.dsc 270e4187545d092ba8dc2c5e21bb9f00 29192 libs optional xerces-c_3.2.3+debian-3+deb11u1.debian.tar.xz 33a3493340cb0fa5b3b8a7343477d7a1 11413 libs optional xerces-c_3.2.3+debian-3+deb11u1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEERpy6p3b9sfzUdbME05pJnDwhpVIFAmWxyPgACgkQ05pJnDwh pVJMYA/8C8ZV0jmaPnlFK6h7DSDYbzMOwaJi3Nj7w74+fp676ptjiVw4kpbt+C4T LES8uiqjyNT1ozFPnVLJwxmNzbS+vdGn73wfihfXesNr2ziIHN1eNp78dNfCEzFF d4akfYEfHpacyPBbsAARBFonK75BGh74OQgcHjCxxz09ro6FSBdqwBoi+/1BZNn9 vzayUa3cYEqxXF3mRyKlQ8KEro/1UBbOjiuFofI+H+aaram+qQzLlc5ThbAMdze6 Xe9ao5MotYu3IqyHyOckiAc3YCOflMUqkSGKBLapesFb/XxViVFeSOTWwkIbnj2s dkyENdNSECUC5k4BzKm9oiFQb5YXkzCGkiFmocN9pm7p0wA+BSSMrboitJi//0Dr 3fBf13BNTDMS0JL8msOCH+5myaUpyC4qxJvvVJvNJm3eoaeh7e79nf13u84VAZOc vOWbAha+BkH8iy0MmSlnLkhTLYiDnPRPYD6NsSp0o4/jECtSx7L9z8hgp6uvlZ2B PWSYRWwL1rlLiBqc4UiasqnFaq1N6l4f6cXu5qfuisyKFxdqeZEY0qb9YsbB/gnq n/l4i9MhqNleMmC8JxvY7kpXDGkzuorES7MpA3lbO9UXg1hOIkRW2nPWnPor4OwZ qjOeJzYj6w8g50dBsZpVwizmjdeaebVrcD0/cvaINeq1DAUYGO8= =3c5S -----END PGP SIGNATURE-----
