Re: addressing CVE-2018-1311/XERCESC-2188
On 06/03/2020 07:52, Hugo Lefeuvre wrote:
>> FYI it seems none of your messages made it to the Xerces c-dev
>> Are you still working on a patch?
> unfortunately, I did not manage to find time for my LTS duties in february
> and I doubt that it will be any different in march and april. Since I
> want to slow down the work here, I will step back in the next two months.
> Sylvain, it would be great if you could take over there.
> Regarding the xerces-c mailing list: I don't know, I have tried to resend
> the message multiple times from different addresses after properly
> subscribing, and still they did not make it to the list.
> thanks for the reminder.
For reference, the discussion moved to
https://issues.apache.org/jira/browse/XERCESC-2188 (which is
incidentally properly fw'd to the c-dev list).
One issue with your direction is that it may break ABI-compatibility,
but more importantly there doesn't seem to be Xerces people available to
review changes to that part of the code at the moment.