[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: addressing CVE-2018-1311/XERCESC-2188

Hi,

On 06/03/2020 07:52, Hugo Lefeuvre wrote:
>> FYI it seems none of your messages made it to the Xerces c-dev
mailing list:
>>
https://mail-archives.apache.org/mod_mbox/xerces-c-dev/202001.mbox/browser
>>
>> Are you still working on a patch?
>
> unfortunately, I did not manage to find time for my LTS duties in february
> and I doubt that it will be any different in march and april. Since I
don't
> want to slow down the work here, I will step back in the next two months.
>
> Sylvain, it would be great if you could take over there.
>
> Regarding the xerces-c mailing list: I don't know, I have tried to resend
> the message multiple times from different addresses after properly
> subscribing, and still they did not make it to the list.
>
> thanks for the reminder.

For reference, the discussion moved to
https://issues.apache.org/jira/browse/XERCESC-2188 (which is
incidentally properly fw'd to the c-dev list).

One issue with your direction is that it may break ABI-compatibility,
but more importantly there doesn't seem to be Xerces people available to
review changes to that part of the code at the moment.

Cheers!
Sylvain
Reply to: