-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 28 Jun 2016 16:53:20 +0200 Source: xerces-c Binary: libxerces-c3.1 libxerces-c-dev libxerces-c-doc libxerces-c-samples Architecture: all source Version: 3.1.1-5.1+deb8u3 Distribution: jessie-security Urgency: high Maintainer: Jay Berkenbilt <qjb@debian.org> Changed-By: Salvatore Bonaccorso <carnil@debian.org> Closes: 828990 Description: libxerces-c-dev - validating XML parser library for C++ (development files) libxerces-c-doc - validating XML parser library for C++ (documentation) libxerces-c-samples - validating XML parser library for C++ (compiled samples) libxerces-c3.1 - validating XML parser library for C++ Changes: xerces-c (3.1.1-5.1+deb8u3) jessie-security; urgency=high . * Non-maintainer upload by the Security Team. * CVE-2016-4463: Apache Xerces-C XML Parser Crashes on Malformed DTD (Closes: #828990) * Enable the ability to disable DTD processing through the use of an env variable * Add NEWS.Debian entry to document the XERCES_DISABLE_DTD variable Checksums-Sha1: e36e1fc63f554d1199300a1519d30f447d03df91 1968 xerces-c_3.1.1-5.1+deb8u3.dsc 57600d72735e43f91a1f14619a0c2ad36e7e706d 10056 xerces-c_3.1.1-5.1+deb8u3.debian.tar.xz 6e4db7c7ae3465f458d1edfc0cec047d88c4641f 1295348 libxerces-c-doc_3.1.1-5.1+deb8u3_all.deb Checksums-Sha256: 4dfdc4229fdbb08a6dd241adc48d64d909721dc40776cded90c28b70614b66da 1968 xerces-c_3.1.1-5.1+deb8u3.dsc 5da9d98d43199d637aa7d079c058acebd20d92ed46dc7bc053d548bb509bcbeb 10056 xerces-c_3.1.1-5.1+deb8u3.debian.tar.xz 16241ba2fccc18868adef63b2e0f3c119a5b13105192e21724ebb34340a95f25 1295348 libxerces-c-doc_3.1.1-5.1+deb8u3_all.deb Files: 41afc1e7bfe37c39e00d30a8519574a1 1968 libs optional xerces-c_3.1.1-5.1+deb8u3.dsc fcd9e5370eba1d1ed99518004950f026 10056 libs optional xerces-c_3.1.1-5.1+deb8u3.debian.tar.xz 545eef2889ec0c63d248cd1222599d41 1295348 doc optional libxerces-c-doc_3.1.1-5.1+deb8u3_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJXc+DZAAoJEAVMuPMTQ89EV6UP/1oe+C/fOG9WcntGvC5OqB7k +b7/uSP4AEJPQldjThZRS7qU7IQZKFHGEoG5xav9L6x/qIp9UIyUPRiLmTpkRJp2 xQ3uSQ3Y9BkLU7UP9lmfgn73ocjEzCgz3PmV6P4VZTb7CZvEdsjrsvLePMXNW79x Ylu+ItffwIfCAa9LV9x01x6tT2l0ufuqeuq4OSzEkOluN+AKHbSvD0VzFKMI9ltx dKv4Y/SQL06f6r0nbgRuAlFch5zWi4ofXHFjf9k/AwjT/op9OjHkQ2bIxYZBcQbH PciFUgjanh6B7Ei9h4erwmP/JZ06beTgl8y0jutqx5XR95cfv73UAocQMOcAMW1u 9dBtN0Y9zCUTW0jQNDTGe05BcpH9fcuyd6TSusZJrJyU7twSGp3MU25CQxqSPbLt eRYWULe2htE1ZujoFTdS9mFMSpSloDIo41fjyyqCk/LWy+i5l9exBt/Xzz7I4hFb WiLcryXp7CURspuRs5rTx9EYkumHSxlKRTiu4Zd2xTzreQlKLcAFZGKKnJUOsogE LqJVCMlbxqDiDAYfNXQVkgeoMbvq1/xGz3xY6SC7oIN1BtsvSwG48maTy2leWRA4 ayx6ZJSezfB27Xp/Cz3nHjTvIZ3voClrHD/IyArKuMY0BaKNzXKmTqvqT/wke8Q8 M43A+g80XL463+h3Cjcc =kY5O -----END PGP SIGNATURE-----