[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 3130-1] tinyxml security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3130-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                    Thorsten Alteholz
October 01, 2022                              https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : tinyxml
Version        : 2.6.2-4+deb10u1
CVE ID         : CVE-2021-42260


An issue has been found in tinyxml, a C++ XML parsing library.
Crafted XML messages could lead to an infinite loop in
TiXmlParsingData::Stamp(), which results in a denial of service.


For Debian 10 buster, this problem has been fixed in version
2.6.2-4+deb10u1.

We recommend that you upgrade your tinyxml packages.

For the detailed security status of tinyxml please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/tinyxml

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmM3eKVfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEePGw/8DQcXp1Jyc28yRb84ky8VJnyWHH7F5fDuRMKEqLv8kGeAea3251c1fTH/
vgwJbrvNuau3A3LUslVahkEoLfzPd801c1AlBH1ielJGmkns3KTOoRFGqEROnLgf
O0WWlhjRtE4g+z/9GiVhZa44gBhwxftxzvEUxg+vScA1kzAKJB5OstUb4JJms8lF
YvOmUpDBoIryl3fRfKHf4AqF+0heDerCqf1Va+1bdM34i86H0sBJuJYU+W5WW0j8
vNC2l7jcZyFkp/QdS+rzoWEBRfrFryM6yP6iA2o13cXAv/t15S3aDle2bRvUHjwz
mwxrZTX47T8PnzH4c+DM6WVcuOsGRvpmZaPBgwQHbljtVj3GnuYdXMwvwP9oEZxT
oYjuqxe8/sAqQMebYcxVzL7H15uztS9ZnE0bZ0tUhIYZM1DMgTSISoL5mTNClk0J
nqINNIc4X5a7y9HOuItSluOAZmL0ovAuiAgj7GtePftEHlLEDOxOKovbl1uSTUfD
rHzJQ1BX1+H1QDbP5o+lqrBu2NDon3nWOF3PgyGqqkUDs0y9MgJUwe9ZgroJom6O
CGqYXfGd6VxlvHpGhC0RX2pcXukkNobzn2Jk+iSj1ro77dVSvdIVNU29CmjYKp+r
OOJ9IKDL0ZcxNZ+vEcxP0b8+fg4oZCvzZAQ9edU1fWRM2gh7fDk=
=GrEH
-----END PGP SIGNATURE-----
Reply to: