CVE-2009-2625 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2625): Apache Xerces2 Java, as used in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 and JDK and JRE 5.0 before Update 20, and in other products, allows remote attackers to cause a denial of service (infinite loop and application hang) via malformed XML input, as demonstrated by the Codenomicon XML fuzzing framework.
patch: http://svn.apache.org/viewvc?view=rev&revision=787353
Vendor Statements Python: We are working on a fix.
Never mind the last comment, thx
*xerces-2.11.0 (26 May 2012)

  26 May 2012; Ralph Sennhauser <sera@gentoo.org> +xerces-2.11.0.ebuild,
  +files/xerces-2.11.0-build.xml.patch:
  Security bump. #280611 Don't let taskdef point to non-existent jar. #351394
Arches, please test and mark stable:
=dev-java/xerces-2.11.0
Target keywords: "amd64 ppc ppc64 x86"
The following keyword changes are necessary to proceed: =dev-java/xml-commons-external-1.4.01 amd64 ok
amd64 stable
x86 stable
ppc64 done
ppc stable, last arch done.
Thanks, everyone. GLSA vote: no.
GLSA Vote: no, too. Closing noglsa.