Xml Vulnerability issue with C Xerces

2010-01-29 Thread Atul Parti 
Hi All,

I am looking for xml vulnerability for C-xerces,
Currently we are using Apache Xerces C++ 2.7.0.
I have discover that it has been rectified in Fixed in Red Hat versions
xerces-c27-2.7.0-8, xerces-c-2.7.0-8 and xerces-c-2.8.0-5.
But these are the source files and we are not building the application from
source code.
so can anyone has idea about: *is there any patch or maybe any latest
version which has handle this issue and can be used directly.*

With Regards
Atul Parti

Re: Xml Vulnerability issue with C Xerces

2010-02-01 Thread Boris Kolpackov 
Atul Parti  writes:

> is there any patch or maybe any latest version which has handle this 
> issue and can be used directly.

If you refer to the CVE-2009-1885 vulnerability, then it has been
fixed in the just-released Xerces-C++ 3.1.0.

Boris


-- 
Boris Kolpackov, Code Synthesishttp://codesynthesis.com/~boris/blog
Open-source XML data binding for C++   http://codesynthesis.com/products/xsd
XML data binding for embedded systems  http://codesynthesis.com/products/xsde
Command line interface to C++ compiler http://codesynthesis.com/projects/cli

-
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org

Re: Xml Vulnerability issue with C Xerces

2010-02-02 Thread Atul Parti 
Thanks for sharing the info.

Does Apache Xerces C++ 3.0.1 is backward compatible.
Currently we are using Apache Xerces C++ 2.7.0 in our application.
Does it requires our application to be updated to support new version.

With Regards
Atul Parti

On Mon, Feb 1, 2010 at 6:18 PM, Boris Kolpackov wrote:

> Atul Parti  writes:
>
> > is there any patch or maybe any latest version which has handle this
> > issue and can be used directly.
>
> If you refer to the CVE-2009-1885 vulnerability, then it has been
> fixed in the just-released Xerces-C++ 3.1.0.
>
> Boris
>
>
> --
> Boris Kolpackov, Code Synthesis
> http://codesynthesis.com/~boris/blog
> Open-source  XML
> data binding for C++   http://codesynthesis.com/products/xsd
> XML data binding for embedded systems
> http://codesynthesis.com/products/xsde
> Command line interface to C++ compiler
> http://codesynthesis.com/projects/cli
>
> -
> To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
> For additional commands, e-mail: c-dev-h...@xerces.apache.org
>
>

RE: Xml Vulnerability issue with C Xerces

2010-02-02 Thread Scott Cantor 
Atul Parti wrote on 2010-02-02:
> Does Apache Xerces C++ 3.0.1 is backward compatible.
> Currently we are using Apache Xerces C++ 2.7.0 in our application.
> Does it requires our application to be updated to support new version.

Yes, possibly with substantial changes.

-- Scott



-
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org