------------------------------------------------------------------------- Debian LTS Advisory DLA-3701-1 debian-lts@lists.debian.org https://www.debian.org/lts/security/ Guilhem Moulin December 31, 2023 https://wiki.debian.org/LTS ------------------------------------------------------------------------- Package : tinyxml Version : 2.6.2-4+deb10u2 CVE ID : CVE-2023-34194 CVE-2023-40462 Debian Bug : 1059315 A reachable assertion issue has been discovered in tinyxml, a C++ XML parsing library, which could lead to denial of service via a crafted XML document with a '\0' located after whitespace. For Debian 10 buster, these problems have been fixed in version 2.6.2-4+deb10u2. We recommend that you upgrade your tinyxml packages. For the detailed security status of tinyxml please refer to its security tracker page at: https://security-tracker.debian.org/tracker/tinyxml Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
Attachment:
signature.asc
Description: PGP signature