Accepted xerces-c 3.1.1-3+deb7u5 (source all amd64) into oldoldstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 29 Mar 2018 23:03:32 +0200
Source: xerces-c
Binary: libxerces-c3.1 libxerces-c-dev libxerces-c-doc libxerces-c-samples
Architecture: source all amd64
Version: 3.1.1-3+deb7u5
Distribution: wheezy-security
Urgency: high
Maintainer: Jay Berkenbilt <qjb@debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
libxerces-c-dev - validating XML parser library for C++ (development files)
libxerces-c-doc - validating XML parser library for C++ (documentation)
libxerces-c-samples - validating XML parser library for C++ (compiled samples)
libxerces-c3.1 - validating XML parser library for C++
Changes:
xerces-c (3.1.1-3+deb7u5) wheezy-security; urgency=high
.
* Non-maintainer upload by the LTS team.
* Fix CVE-2017-12627: Alberto Garcia, Francisco Oca and Suleman Ali of
Offensive Research discovered that the Xerces-C XML parser mishandles
certain kinds of external DTD references, resulting in dereference of a
NULL pointer while processing the path to the DTD. The bug allows for a
denial of service attack in applications that allow DTD processing and do
not prevent external DTD usage, and could conceivably result in remote code
execution.
Checksums-Sha1:
5d8c9e6a362da8f8f9988e07a9c39ec7a210360e 2093 xerces-c_3.1.1-3+deb7u5.dsc
470331bf1c4b8462b964dda9e32e8471446cb70b 10600 xerces-c_3.1.1-3+deb7u5.debian.tar.gz
dd5767030021be6421a6ad85cb713cabdbfdc88a 2589212 libxerces-c-doc_3.1.1-3+deb7u5_all.deb
6b0140f24c3d286bf3b80e52d113910fc5e732dd 1141068 libxerces-c3.1_3.1.1-3+deb7u5_amd64.deb
70c665729ad47af641a11853fa23b194ca8e1b69 2957410 libxerces-c-dev_3.1.1-3+deb7u5_amd64.deb
ef620bbce58392302d23ea7f93b11faf6b22a13e 242280 libxerces-c-samples_3.1.1-3+deb7u5_amd64.deb
Checksums-Sha256:
5b764a8c0acca2fb9da8cde622c47ec0f478a32dd83636469f1271d38939a260 2093 xerces-c_3.1.1-3+deb7u5.dsc
9ebaaa1d29b72a48b0a85aeb958f783f5ced75f8245081008ceef8278445f52b 10600 xerces-c_3.1.1-3+deb7u5.debian.tar.gz
1912445b47e8946dd4f029493cb6876d362b8e912f2b9f004ca6e74d0adebbff 2589212 libxerces-c-doc_3.1.1-3+deb7u5_all.deb
fe0ebac9939b43a16cf5725df84061afa8d2d178f00f7706e74d344885150974 1141068 libxerces-c3.1_3.1.1-3+deb7u5_amd64.deb
79b07691f2f84d3b300a4007322a308467d296ac89b481e024fca4607a449bd0 2957410 libxerces-c-dev_3.1.1-3+deb7u5_amd64.deb
c746db96969673048cf6838d776986a665ccd150fcd7f52e2208b7e47f8c8918 242280 libxerces-c-samples_3.1.1-3+deb7u5_amd64.deb
Files:
20f88c61f69c9897842c9c54c500081c 2093 libs optional xerces-c_3.1.1-3+deb7u5.dsc
88e2c4718d5235f47641431e8ab30f89 10600 libs optional xerces-c_3.1.1-3+deb7u5.debian.tar.gz
ad801faeb31318906ecc3d944531cab3 2589212 doc optional libxerces-c-doc_3.1.1-3+deb7u5_all.deb
55a67c2d2ff9a27200d0d8c389c31285 1141068 libs optional libxerces-c3.1_3.1.1-3+deb7u5_amd64.deb
6e0d2fe0346505f0c0a1f1fe56a95187 2957410 libdevel optional libxerces-c-dev_3.1.1-3+deb7u5_amd64.deb
89520347b9dad6642c91f0604147280f 242280 devel optional libxerces-c-samples_3.1.1-3+deb7u5_amd64.deb
-----BEGIN PGP SIGNATURE-----
iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlq9V/lfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HklmgQAI3p7GVmggCNQVG0CUjo1VIZqTE3jo6Euxvs
nKTKaoD1e3ninp8ekYcof3eeHAmUc6RXo/jViRR15TKIVlGU4cJ0wkGhtKBo8kSF
ot2sSaBjkK544qf21dJdyOjylJifPgaDDhRaQ3QXUBN0gdmh/tlhYLerG0/Ys5Fb
beDYuhmF/7cqCpR3NX0410CH8jBiyZHDgQPqU0Soj/VUCuOyvThEFjVlLy5PzzA+
HWMbSTi0h/SnSDiek15NyZXKtffCfU9t9urzjBV02/puXCwKvFj4l+7DNiBUoAVS
0qJErNrTheFr/BsK7zILJnkE4Guk705UrHSsg8tTloipVmonh/D2hhy2eb3ru5Qf
MwzUO7PAkz/HMZ7UAzkPSLiOGttnrJl7t2+iqu13G5tsLcLtJY9oFrelcyPHyYLX
y+0eJnIYTkl92Eh+yyftu/FKC7fgWlXLP8wV8Os8pFY/j8exSTCGscVDkIhw13zV
3SJc7WtpMfMTozZ6ErKRLMbrPhxFIEkU141JBbVrUeWZwuYUdMRAgqa2GOQSvYuy
wDtC9pYc3fqzmE/hl0gxFBj3erODP8nJIvAkTPBXGs8DLdnzdC35vgimFDQkKjm3
+WbEhwKNBQd8RV8kZ7kkmIHyH9K0aqsZ4kkdNT4Xr0BX4n34EZ46D4MXvaUiZG1O
ewZ06VSM
=6ZdY
-----END PGP SIGNATURE-----