[ https://issues.apache.org/jira/browse/XERCESC-2188?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17716910#comment-17716910 ]
Scott Cantor edited comment on XERCESC-2188 at 4/26/23 8:50 PM:
----------------------------------------------------------------

I will update the advisory tonight or tomorrow with some information about it but it's not going to keep getting updated like this because some scanner is broken and misused. Since patches are infrequent, hopefully that will hold it for a while.

ETA: this is done.

was (Author: canto...@osu.edu):
I will update the advisory tonight or tomorrow with some information about it but it's not going to keep getting updated like this because some scanner is broken and misused. Since patches are infrequent, hopefully that will hold it for a while.

> Use-after-free on external DTD scan
> -----------------------------------
>
> Key: XERCESC-2188
> URL: https://issues.apache.org/jira/browse/XERCESC-2188
> Project: Xerces-C++
> Issue Type: Bug
> Components: Validating Parser (DTD)
> Affects Versions: 3.0.0, 3.0.1, 3.0.2, 3.1.0, 3.1.1, 3.1.2, 3.2.0, 3.1.3,
> 3.1.4, 3.2.1, 3.2.2
> Reporter: Scott Cantor
> Priority: Major
> Attachments: Apache-496067-disclosure-report.pdf
>
>
> This is a record of an unfixed bug reported in 2018 in the DTD scanner, per
> the attached PDF, corresponding to CVE-2018-1311.