Bug#1061473: bookworm-pu: package tinyxml/2.6.2-6+deb12u1
Control: tags -1 + moreinfo
On Thu, 2024-01-25 at 04:45 +0100, Guilhem Moulin wrote:
> Fix CVE-2023-34194: Reachable assertion (and application exit) via a
> crafted XML document with a '\0' located after whitespace.
+ * Fix CVE-2023-34194 / CVE-2023-40462: Reachable assertion (and
application
As far as I can tell from the Security Tracker, CVE-2023-40462
specifically refers to TinyXML's use in software that isn't in Debian.
Does it make sense to mention it in the changelog?
Regards,
Adam
Reply to: