Bug#896942: jessie-pu: package xerces-c/3.1.1-5.1+deb8u3
Control: tags -1 + confirmed
On Thu, 2018-04-26 at 03:53 -0400, William Blough wrote:
> I would like to update xerces-c in a future point release. This update
> will fix one issue:
>
> * Fix CVE-2017-12627: Alberto Garcia, Francisco Oca and Suleman Ali of
>   Offensive Research discovered that the Xerces-C XML parser mishandles
>   certain kinds of external DTD references, resulting in dereference of a
>   NULL pointer while processing the path to the DTD. The bug allows for a
>   denial of service attack in applications that allow DTD processing and do
>   not prevent external DTD usage, and could conceivably result in remote code
>   execution.
Please go ahead.
Regards,
Adam