-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 29 Mar 2018 23:03:32 +0200 Source: xerces-c Binary: libxerces-c3.1 libxerces-c-dev libxerces-c-doc libxerces-c-samples Architecture: source all amd64 Version: 3.1.1-3+deb7u5 Distribution: wheezy-security Urgency: high Maintainer: Jay Berkenbilt <qjb@debian.org> Changed-By: Markus Koschany <apo@debian.org> Description: libxerces-c-dev - validating XML parser library for C++ (development files) libxerces-c-doc - validating XML parser library for C++ (documentation) libxerces-c-samples - validating XML parser library for C++ (compiled samples) libxerces-c3.1 - validating XML parser library for C++ Changes: xerces-c (3.1.1-3+deb7u5) wheezy-security; urgency=high . * Non-maintainer upload by the LTS team. * Fix CVE-2017-12627: Alberto Garcia, Francisco Oca and Suleman Ali of Offensive Research discovered that the Xerces-C XML parser mishandles certain kinds of external DTD references, resulting in dereference of a NULL pointer while processing the path to the DTD. The bug allows for a denial of service attack in applications that allow DTD processing and do not prevent external DTD usage, and could conceivably result in remote code execution. Checksums-Sha1: 5d8c9e6a362da8f8f9988e07a9c39ec7a210360e 2093 xerces-c_3.1.1-3+deb7u5.dsc 470331bf1c4b8462b964dda9e32e8471446cb70b 10600 xerces-c_3.1.1-3+deb7u5.debian.tar.gz dd5767030021be6421a6ad85cb713cabdbfdc88a 2589212 libxerces-c-doc_3.1.1-3+deb7u5_all.deb 6b0140f24c3d286bf3b80e52d113910fc5e732dd 1141068 libxerces-c3.1_3.1.1-3+deb7u5_amd64.deb 70c665729ad47af641a11853fa23b194ca8e1b69 2957410 libxerces-c-dev_3.1.1-3+deb7u5_amd64.deb ef620bbce58392302d23ea7f93b11faf6b22a13e 242280 libxerces-c-samples_3.1.1-3+deb7u5_amd64.deb Checksums-Sha256: 5b764a8c0acca2fb9da8cde622c47ec0f478a32dd83636469f1271d38939a260 2093 xerces-c_3.1.1-3+deb7u5.dsc 9ebaaa1d29b72a48b0a85aeb958f783f5ced75f8245081008ceef8278445f52b 10600 xerces-c_3.1.1-3+deb7u5.debian.tar.gz 1912445b47e8946dd4f029493cb6876d362b8e912f2b9f004ca6e74d0adebbff 2589212 libxerces-c-doc_3.1.1-3+deb7u5_all.deb fe0ebac9939b43a16cf5725df84061afa8d2d178f00f7706e74d344885150974 1141068 libxerces-c3.1_3.1.1-3+deb7u5_amd64.deb 79b07691f2f84d3b300a4007322a308467d296ac89b481e024fca4607a449bd0 2957410 libxerces-c-dev_3.1.1-3+deb7u5_amd64.deb c746db96969673048cf6838d776986a665ccd150fcd7f52e2208b7e47f8c8918 242280 libxerces-c-samples_3.1.1-3+deb7u5_amd64.deb Files: 20f88c61f69c9897842c9c54c500081c 2093 libs optional xerces-c_3.1.1-3+deb7u5.dsc 88e2c4718d5235f47641431e8ab30f89 10600 libs optional xerces-c_3.1.1-3+deb7u5.debian.tar.gz ad801faeb31318906ecc3d944531cab3 2589212 doc optional libxerces-c-doc_3.1.1-3+deb7u5_all.deb 55a67c2d2ff9a27200d0d8c389c31285 1141068 libs optional libxerces-c3.1_3.1.1-3+deb7u5_amd64.deb 6e0d2fe0346505f0c0a1f1fe56a95187 2957410 libdevel optional libxerces-c-dev_3.1.1-3+deb7u5_amd64.deb 89520347b9dad6642c91f0604147280f 242280 devel optional libxerces-c-samples_3.1.1-3+deb7u5_amd64.deb -----BEGIN PGP SIGNATURE----- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlq9V/lfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HklmgQAI3p7GVmggCNQVG0CUjo1VIZqTE3jo6Euxvs nKTKaoD1e3ninp8ekYcof3eeHAmUc6RXo/jViRR15TKIVlGU4cJ0wkGhtKBo8kSF ot2sSaBjkK544qf21dJdyOjylJifPgaDDhRaQ3QXUBN0gdmh/tlhYLerG0/Ys5Fb beDYuhmF/7cqCpR3NX0410CH8jBiyZHDgQPqU0Soj/VUCuOyvThEFjVlLy5PzzA+ HWMbSTi0h/SnSDiek15NyZXKtffCfU9t9urzjBV02/puXCwKvFj4l+7DNiBUoAVS 0qJErNrTheFr/BsK7zILJnkE4Guk705UrHSsg8tTloipVmonh/D2hhy2eb3ru5Qf MwzUO7PAkz/HMZ7UAzkPSLiOGttnrJl7t2+iqu13G5tsLcLtJY9oFrelcyPHyYLX y+0eJnIYTkl92Eh+yyftu/FKC7fgWlXLP8wV8Os8pFY/j8exSTCGscVDkIhw13zV 3SJc7WtpMfMTozZ6ErKRLMbrPhxFIEkU141JBbVrUeWZwuYUdMRAgqa2GOQSvYuy wDtC9pYc3fqzmE/hl0gxFBj3erODP8nJIvAkTPBXGs8DLdnzdC35vgimFDQkKjm3 +WbEhwKNBQd8RV8kZ7kkmIHyH9K0aqsZ4kkdNT4Xr0BX4n34EZ46D4MXvaUiZG1O ewZ06VSM =6ZdY -----END PGP SIGNATURE-----