From ${URL} :
CVE-2015-0252: Apache Xerces-C XML Parser Crashes on Malformed Input
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected: Apache Xerces-C XML Parser library versions prior to V3.1.2
Description: The Xerces-C XML parser mishandles certain kinds of malformed input documents, resulting in a segmentation fault during a parse operation. The bug does not appear to allow for remote code execution, but is a denial of service attack that in many applications may allow for an unauthenticated attacker to supply malformed input and cause a crash.
Mitigation: Applications that are using library versions older than V3.1.2 should upgrade as soon as possible. Distributors of older versions should apply the patches from this subversion revision: http://svn.apache.org/viewvc?view=revision&revision=1667870
Credit: This issue was reported independently by Anton Rager and Jonathan Brossard from the Salesforce.com Product Security Team and by Ben Laurie of Google.
@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
CVE-2015-0252 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0252): internal/XMLReader.cpp in Apache Xerces-C before 3.1.2 allows remote attackers to cause a denial of service (segmentation fault and crash) via crafted XML data.
+*xerces-c-3.1.2 (26 May 2015) + + 26 May 2015; Sergey Popov <pinkbyte@gentoo.org> +xerces-c-3.1.2.ebuild: + Security bump, wrt bug #543930. Bump EAPI to 5, add epatch_user, add subslot + to dev-libs/icu dependency, wrt bug #522670 Arches, please test and mark stable =dev-libs/xerces-c-3.1.2 Target keywords: alpha amd64 hppa ppc ppc64 sparc x86
amd64 stable
Stable for HPPA PPC64.
sparc stable
ppc/x86 stable
alpha stable. Maintainer(s), please clean up. Security, please vote.
Arches and Maintainer(s), Thank you for your work. Maintainer(s), please drop the vulnerable version(s). Remove version: 3.1.1-r1 GLSA Vote: No
GLSA Vote: No
Cleanup is done