[
https://issues.apache.org/jira/browse/XERCESC-2061?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15848435#comment-15848435
]
Scott Cantor commented on XERCESC-2061:
---------------------------------------
I don't know the answers to really any of the questions you're asking. I would
not make samples available outside the PMC even if I do have them, that
wouldn't be a responsible thing to do. I barely remember the fixes involved,
and I know virtually none of the code I was fixing, I simply did what I could
best manage to do to defend my own project's use of this code because nobody
else would do it. That should tell you all you need to know to make a decision.
I know what mine would be.
> Buffer overruns in prolog parsing and error handling
> ----------------------------------------------------
>
> Key: XERCESC-2061
> URL: https://issues.apache.org/jira/browse/XERCESC-2061
> Project: Xerces-C++
> Issue Type: Bug
> Components: Non-Validating Parser, Validating Parser (DTD),
> Validating Parser (XML Schema)
> Affects Versions: 3.1.2
> Reporter: Scott Cantor
> Priority: Blocker
> Fix For: 3.2.0, 3.1.3
>
>
> Vulnerabilities were reported to the project that led to the discovery of
> several buffer overflows.
> The issue was publically disclosed as CVE-2016-0729
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
---------------------------------------------------------------------
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org
