Peter Major <peter.ma...@forgerock.com> wrote on 11/05/2015 02:24:58 AM:
> How about these then? > https://bugzilla.redhat.com/show_bug.cgi?id=1273638 Xerces doesn't support that property. > https://bugzilla.redhat.com/show_bug.cgi?id=1273645 Xerces doesn't have a StAX XML parser. > https://bugzilla.redhat.com/show_bug.cgi?id=1273637 The portion of the hashing collision issue that applies to Xerces is fixed on the trunk (in other words, after Xerces 2.11.0). See: http://svn.apache.org/viewvc?view=revision&revision=1357381. The rest of the hashing issue is in the Java platform itself. See http://openjdk.java.net/jeps/180. > 2015. 11. 04. 16:38 keltezéssel, Michael Glavassevich írta: > > As they did not disclose any details in these reports, only Oracle would > > know. > > > > Thanks. > > > > Michael Glavassevich > > XML Technologies and WAS Development > > IBM Toronto Lab > > E-mail: mrgla...@ca.ibm.com > > E-mail: mrgla...@apache.org > > > > Peter Major <peter.ma...@forgerock.com> wrote on 11/04/2015 03:36:26 AM: > > > >> Hi, > >> > >> it appears that Oracle has fixed some XML parsing related security > >> vulnerabilities: > >> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4803 > >> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4893 > >> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4911 > >> > >> Is it possible that these also affect Xerces 2.11.0? > >> > >> Regards, > >> Peter > > --------------------------------------------------------------------- > To unsubscribe, e-mail: j-users-unsubscr...@xerces.apache.org > For additional commands, e-mail: j-users-h...@xerces.apache.org Michael Glavassevich XML Technologies and WAS Development IBM Toronto Lab E-mail: mrgla...@ca.ibm.com E-mail: mrgla...@apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: j-users-unsubscr...@xerces.apache.org For additional commands, e-mail: j-users-h...@xerces.apache.org