Package: xerces-c / 3.1.1-5.1+deb8u4

Metadata

Package: xerces-c
Version: 3.1.1-5.1+deb8u4
Patches format: 3.0 (quilt)

Patch series

Patch File delta Description
hurd path max.patch

src/xercesc/util/FileManagers/PosixFileMgr.cpp | 64 45 + 19 - 0 !
1 file changed, 45 insertions(+), 19 deletions(-)

 check for path_max
Bug: https://issues.apache.org/jira/browse/XERCESC-1998
Bug-Debian: http://bugs.debian.org/636568
CVE 2015 0252.patch

src/xercesc/internal/XMLReader.cpp | 33 33 + 0 - 0 !
1 file changed, 33 insertions(+)

 cve-2015-0252: apache xerces-c xml parser crashes on malformed input
 The Xerces-C XML parser mishandles certain kinds of malformed input
 documents, resulting in a segmentation fault during a parse operation.
CVE 2016 0729.patch

src/xercesc/internal/XMLReader.cpp | 85 82 + 3 - 0 !
src/xercesc/util/XMLURL.cpp | 17 14 + 3 - 0 !
src/xercesc/util/XMLUri.cpp | 112 79 + 33 - 0 !
3 files changed, 175 insertions(+), 39 deletions(-)

 cve-2016-0729: buffer overflows during processing and error reporting
CVE 2016 2099.patch

src/xercesc/validators/DTD/DTDScanner.cpp | 10 9 + 1 - 0 !
1 file changed, 9 insertions(+), 1 deletion(-)

 cve-2016-2099: use-after-free in heap on specially crafted xml input
CVE 2016 4463.patch

src/xercesc/validators/DTD/DTDScanner.cpp | 14 11 + 3 - 0 !
src/xercesc/validators/DTD/DTDScanner.hpp | 1 1 + 0 - 0 !
2 files changed, 12 insertions(+), 3 deletions(-)

 cve-2016-4463: apache xerces-c xml parser crashes on malformed dtd
disable DTD processing through envvariable.patch

src/xercesc/internal/XMLScanner.cpp | 11 9 + 2 - 0 !
1 file changed, 9 insertions(+), 2 deletions(-)

 disable dtd processing through the use of an env variable
 XERCES_DISABLE_DTD set to "1" will cause the scanner to report a fatal
 error if a DTD is seen. Existing applications won't see any change.
CVE 2017 12627.patch

src/xercesc/util/PlatformUtils.cpp | 5 4 + 1 - 0 !
1 file changed, 4 insertions(+), 1 deletion(-)

 cve-2017-12627