[SECURITY] [DLA 433-1] xerces-c security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 433-1] xerces-c security update
From: Thorsten Alteholz <debian@alteholz.de>
Date: Thu, 25 Feb 2016 19:47:45 +0100 (CET)
Message-id: <[🔎] alpine.DEB.2.02.1602251937200.577@jupiter.server.alteholz.net>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : xerces-c
Version        : 3.1.1-1+deb6u2
CVE ID         : CVE-2016-0729

Gustavo Grieco discovered that xerces-c, a validating XML parser library
for C++, mishandles certain kinds of malformed input documents,
resulting in buffer overflows during processing and error reporting.
These flaws could lead to a denial of service in applications using the
xerces-c library, or potentially, to the execution of arbitrary code.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQJ8BAEBCgBmBQJWz0xRXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2MjAxRkJGRkRCQkRFMDc4MjJFQUJCOTY5
NkZDQUMwRDM4N0I1ODQ3AAoJEJb8rA04e1hHX4oQAMTsAcyOs+smesuaKj/YfNsq
zfpoxaj/APQX3xKB/AVM4/NtZog/HS2qF4OKlymYGXINV2bea6Hywlp/t2akSujr
3mZXomGIqEFlREg+lKmurVYBmupt9MQdq++YbBQW6G2ppqICE4xJ/HGLOiN3uKlM
pMltQgQLTW3G4c/JzIm49mhWyvWZIk5PWLd/FgTXV+a7XHCfy/cHPo5DTpHQZhM4
N4JA4qAT8jNdmmxdayMztvbp9qqJnQX9WNf2vkdnYMeDPGiOWi3DQtkm/iVCzZZ9
aCY7IY9iutkBhT6W8lrSHuv8uhwZCehN7hq2INTwo1jPGQCTK5hVjJC+yiSVOv5N
zjg3AtbRseGc8MqSOZMdEQVCF3NyIrtASgRa0rhvlBFt0GF0uv/ctuscPDyZtYIV
xqxLjeoBnvulwwMJv4OZDM5maw/yRJTXJ9rREqpvnabwmMynhh3sbMkQl+XAa2R5
EB9bX07VNmfjwABfXBR+4e/gu22JsxmfdCQNO7ghSfzvpIXHZI825FTgtkpxBccU
6avNObQi7LEbprT7c8I8f5bio2OnHxi65xwrDGQjoSnJwm6tW4N3BSkCEKXpHbUE
fN3drTMg/TFyJg13aPPASbnVY+odfmnw9E6X6tCFjSpQSWoUdAt48SvPb+3Rl3yS
D869+xWXDSQnN51ARfAG
=H7kg
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA-432-1] postgresql-8.4 update
Next by Date: [SECURITY] [DLA 434-1] gtk+2.0 security update
Previous by thread: [SECURITY] [DLA-432-1] postgresql-8.4 update
Next by thread: [SECURITY] [DLA 434-1] gtk+2.0 security update
Index(es):
- Date
- Thread