[
https://issues.apache.org/jira/browse/XERCESC-2188?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17716910#comment-17716910
]
Scott Cantor commented on XERCESC-2188:
---------------------------------------
I will update the advisory tonight or tomorrow with some information about it
but it's not going to keep getting updated like this because some scanner is
broken and misused. Since patches are infrequent, hopefully that will hold it
for a while.
> Use-after-free on external DTD scan
> -----------------------------------
>
> Key: XERCESC-2188
> URL: https://issues.apache.org/jira/browse/XERCESC-2188
> Project: Xerces-C++
> Issue Type: Bug
> Components: Validating Parser (DTD)
> Affects Versions: 3.0.0, 3.0.1, 3.0.2, 3.1.0, 3.1.1, 3.1.2, 3.2.0, 3.1.3,
> 3.1.4, 3.2.1, 3.2.2
> Reporter: Scott Cantor
> Priority: Major
> Attachments: Apache-496067-disclosure-report.pdf
>
>
> This is a record of an unfixed bug reported in 2018 in the DTD scanner, per
> the attached PDF, corresponding to CVE-2018-1311.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org
