-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 26 Apr 2018 00:28:32 -0400
Source: xerces-c
Binary: libxerces-c3.1 libxerces-c-dev libxerces-c-doc libxerces-c-samples
Architecture: source all amd64
Version: 3.1.1-5.1+deb8u4
Distribution: jessie
Urgency: medium
Maintainer: Jay Berkenbilt <qjb@debian.org>
Changed-By: William Blough <devel@blough.us>
Description:
 libxerces-c-dev - validating XML parser library for C++ (development files)
 libxerces-c-doc - validating XML parser library for C++ (documentation)
 libxerces-c-samples - validating XML parser library for C++ (compiled samples)
 libxerces-c3.1 - validating XML parser library for C++
Changes:
 xerces-c (3.1.1-5.1+deb8u4) jessie; urgency=medium
 .
   * Fix CVE-2017-12627: Alberto Garcia, Francisco Oca and Suleman Ali of
     Offensive Research discovered that the Xerces-C XML parser mishandles
     certain kinds of external DTD references, resulting in dereference of a
     NULL pointer while processing the path to the DTD. The bug allows for a
     denial of service attack in applications that allow DTD processing and
     do not prevent external DTD usage, and could conceivably result in
     remote code execution.