Summary: | <dev-libs/xerces-c-3.1.2: XML Parser Crashes on Malformed Input (CVE-2015-0252) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | cpp+disabled |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.openwall.com/lists/oss-security/2015/03/20/1 | ||
Whiteboard: | B3 [noglsa cve] | ||
Package list: | Runtime testing required: | --- |
Description
Agostino Sarubbo
2015-03-20 16:13:32 UTC
CVE-2015-0252 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0252): internal/XMLReader.cpp in Apache Xerces-C before 3.1.2 allows remote attackers to cause a denial of service (segmentation fault and crash) via crafted XML data. +*xerces-c-3.1.2 (26 May 2015) + + 26 May 2015; Sergey Popov <pinkbyte@gentoo.org> +xerces-c-3.1.2.ebuild: + Security bump, wrt bug #543930. Bump EAPI to 5, add epatch_user, add subslot + to dev-libs/icu dependency, wrt bug #522670 Arches, please test and mark stable =dev-libs/xerces-c-3.1.2 Target keywords: alpha amd64 hppa ppc ppc64 sparc x86 amd64 stable Stable for HPPA PPC64. sparc stable ppc/x86 stable alpha stable. Maintainer(s), please cleanup. Security, please vote. Arches and Maintainer(s), Thank you for your work. Maintainer(s), please drop the vulnerable version(s). Remove version: 3.1.1-r1 GLSA Vote: No GLSA Vote: No Cleanup is done |