Package: xerces25 Severity: normal
Good day, >From [CAN-2004-1575] : | The XML parser in Xerces-C++ 2.5.0 allows remote attackers to cause a | denial of service (CPU consumption) via XML attributes in a crafted | XML document. This problem have been fixed in version 2.6 of Xerces. It's not clear to me if prior versions ( xerces24, xerces23, xerces22, xerces21) are also vulnerable. I can filed bugs if you think it's appropriate. Could you also mention the CAN number in changelog entries about this problem. Regards. -- System Information: Debian Release: 3.1 APT prefers testing APT policy: (500, 'testing') Architecture: i386 (i686) Kernel: Linux 2.6.8-2-686 Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15) (ignored: LC_ALL set to [EMAIL PROTECTED]) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
