Summary: | dev-libs/xerces-c: XML parser contains a use-after-free error triggered during the scanning of external DTDs | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Andreas Sturmlechner <asturm> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | CONFIRMED --- | ||
Severity: | minor | CC: | ajak, maintainer-needed |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1311 | ||
See Also: | https://github.com/apache/xerces-c/pull/47 https://issues.apache.org/jira/browse/XERCESC-2188 | ||
Whiteboard: | B3 [upstream/ebuild] | ||
Package list: | Runtime testing required: | --- |
Description
Andreas Sturmlechner
Package list is empty or all packages have requested keywords.

There's an apparently leaky fix here: https://issues.apache.org/jira/browse/XERCESC-2188

And there appears to be a better fix here, with a new CVE and advisory:
https://github.com/apache/xerces-c/pull/54
https://www.openwall.com/lists/oss-security/2024/02/16/1