Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker
Commits: 31af2465 by Sylvain Beucler at 2024-01-02T12:08:01+01:00 CVE-2018-1311/xerces-c: further detail on recent new fix - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -406604,7 +406604,7 @@ CVE-2018-1311 (The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-afte NOTE: http://vault.centos.org/7.7.1908/updates/Source/SPackages/xerces-c-3.1.1-10.el7_7.src.rpm (fix with memory leak, applied in DLA-2498-1 and DSA-4814-1) NOTE: Mitigation by setting the XERCES_DISABLE_DTD environment variable NOTE: Fixed by: https://github.com/apache/xerces-c/commit/e0024267504188e42ace4dd9031d936786914835 (v3.2.5) - NOTE: Fix replaced with upstream vetted patch (without introducing memory leak) in 3.2.4+debian-1.1 + NOTE: Fix replaced with upstream-vetted patch (without introducing memory leak and binary-compatible) in 3.2.4+debian-1.1 CVE-2018-1310 (Apache NiFi JMS Deserialization issue because of ActiveMQ client vulne ...) NOT-FOR-US: Apache NiFi CVE-2018-1309 (Apache NiFi External XML Entity issue in SplitXML processor. Malicious ...) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/31af2465e82556b91f269cfdc113f86c86d10730 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/31af2465e82556b91f269cfdc113f86c86d10730 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits