Accepted xerces-c 3.1.4+debian-2+deb9u1 (source amd64 all) into proposed-updates->stable-new, proposed-updates
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 26 Apr 2018 00:35:59 -0400
Source: xerces-c
Binary: libxerces-c3.1 libxerces-c-dev libxerces-c-doc libxerces-c-samples
Architecture: source amd64 all
Version: 3.1.4+debian-2+deb9u1
Distribution: stretch
Urgency: medium
Maintainer: William Blough <devel@blough.us>
Changed-By: William Blough <devel@blough.us>
Description:
libxerces-c-dev - validating XML parser library for C++ (development files)
libxerces-c-doc - validating XML parser library for C++ (documentation)
libxerces-c-samples - validating XML parser library for C++ (compiled samples)
libxerces-c3.1 - validating XML parser library for C++
Changes:
xerces-c (3.1.4+debian-2+deb9u1) stretch; urgency=medium
.
* Fix CVE-2017-12627: Alberto Garcia, Francisco Oca and Suleman Ali of
Offensive Research discovered that the Xerces-C XML parser mishandles
certain kinds of external DTD references, resulting in dereference of a
NULL pointer while processing the path to the DTD. The bug allows for a
denial of service attack in applications that allow DTD processing and do
not prevent external DTD usage, and could conceivably result in remote code
execution.
* Fix a regression that forced gcc to use SSE2, even on platforms that do not
support it (e.g., i386). This caused program crashes due to invalid CPU
instructions.
Checksums-Sha1:
5d1f27311e52b03f3507d4750621df7605d7cfd5 2449 xerces-c_3.1.4+debian-2+deb9u1.dsc
28ad5770760e5e5a105c19bbc4a2f19d0e6bad0d 23980 xerces-c_3.1.4+debian-2+deb9u1.debian.tar.xz
2da9874b37ba2e0090342ad90a2ba717d4a86a74 1629248 libxerces-c-dev_3.1.4+debian-2+deb9u1_amd64.deb
715633006511a995c661e022636367ae54153319 1751056 libxerces-c-doc_3.1.4+debian-2+deb9u1_all.deb
a056d150d409aa8106b44825a4c74088fdd8bc7a 1103474 libxerces-c-samples-dbgsym_3.1.4+debian-2+deb9u1_amd64.deb
4658a38ca57985857f3e047bc5a32e697daf816e 129970 libxerces-c-samples_3.1.4+debian-2+deb9u1_amd64.deb
8e65efd856f41e06ebb3a7ff4892f62c52cf0595 6137110 libxerces-c3.1-dbgsym_3.1.4+debian-2+deb9u1_amd64.deb
9330b3919aca34956cfda56b1c2265b4f5adffc7 842232 libxerces-c3.1_3.1.4+debian-2+deb9u1_amd64.deb
b94cda8305732a7f7942f3935af333a74a6ff2d4 10681 xerces-c_3.1.4+debian-2+deb9u1_amd64.buildinfo
Checksums-Sha256:
edf16ad346b60877cb876692c72c2fe7eafdf4e39df51d0aaeb3dd64204c0e5f 2449 xerces-c_3.1.4+debian-2+deb9u1.dsc
12d7666bf2d5dfa40fe4667a36f2e6a75c44e07de5a07c395d08b997b3fdc56a 23980 xerces-c_3.1.4+debian-2+deb9u1.debian.tar.xz
de1ec5d613f68517dab8a823eb0aea145c4d084fe17567519e95d53d5f16adf8 1629248 libxerces-c-dev_3.1.4+debian-2+deb9u1_amd64.deb
85fbe87449252c346cf393e4fdc66286317246a67e7c4c227a38f161b4245dfc 1751056 libxerces-c-doc_3.1.4+debian-2+deb9u1_all.deb
cc4d2cabc8e9214ea6327d6ff570da66bb7bc9806c348e215e5cf3ff35920d5e 1103474 libxerces-c-samples-dbgsym_3.1.4+debian-2+deb9u1_amd64.deb
fcfc2100badb9d2297a6b857e4b84f495b4c78ae0249db4341007d421c440fc8 129970 libxerces-c-samples_3.1.4+debian-2+deb9u1_amd64.deb
600564c5c82a3046b2ba76e093565a8c183de8adc9d3022867ba9ace19f318be 6137110 libxerces-c3.1-dbgsym_3.1.4+debian-2+deb9u1_amd64.deb
4e99dc4eb77e0e6355d579433e89abbd1c6c99d73854a033191419f45861a112 842232 libxerces-c3.1_3.1.4+debian-2+deb9u1_amd64.deb
610f0a5ee29eb1237f5fc728f3b6c9019762a1593766e90d157790d51488b437 10681 xerces-c_3.1.4+debian-2+deb9u1_amd64.buildinfo
Files:
036ad82e94df2e65863b3c4aeffa396e 2449 libs optional xerces-c_3.1.4+debian-2+deb9u1.dsc
4b969ae770cbe5aac2d14da78ceecf81 23980 libs optional xerces-c_3.1.4+debian-2+deb9u1.debian.tar.xz
b1e8905bcde12425455ccd35585ef230 1629248 libdevel optional libxerces-c-dev_3.1.4+debian-2+deb9u1_amd64.deb
0bdb0d3297419e52aec8710b915d6ff3 1751056 doc optional libxerces-c-doc_3.1.4+debian-2+deb9u1_all.deb
f8e3948e839dd62e99d54bd6bffea529 1103474 debug extra libxerces-c-samples-dbgsym_3.1.4+debian-2+deb9u1_amd64.deb
f39eb631c97aa90e0848ccdc045713f7 129970 devel optional libxerces-c-samples_3.1.4+debian-2+deb9u1_amd64.deb
bd83bc4031807a5eecca9a9c9e9bb866 6137110 debug extra libxerces-c3.1-dbgsym_3.1.4+debian-2+deb9u1_amd64.deb
00a4d715befab3ae05a698a090f2d0ab 842232 libs optional libxerces-c3.1_3.1.4+debian-2+deb9u1_amd64.deb
0df569df0e5fe3b15f2e3a7ac2883a4e 10681 libs optional xerces-c_3.1.4+debian-2+deb9u1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQKkBAEBCACOFiEEXN0MnPRGvBslCYeRF2LgInA0z4QFAlrhfDpfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDVD
REQwQzlDRjQ0NkJDMUIyNTA5ODc5MTE3NjJFMDIyNzAzNENGODQQHGRldmVsQGJs
b3VnaC51cwAKCRAXYuAicDTPhKFqEACspSVDdF3TmtX69mVhFlGN4Mpx/7FqxDiQ
SAdfr8Bduo8tf6yR7zDyfZYlX+QgIVYiZPMW6Tt1ZcUbD0zKMPp1YW3FoaUBFyO9
WWsH5HbRXadKI2k/JtuU09xKDDngPNKAsKlCvaoHES7DqX8FsJ/swXjxJJzC68lG
jkM44TUbbaouRB/w6JW1aoS+tlnb6PTjZpMe76mye5FlrdEsjLpHt6e3Z2OxbXId
e20WUsvyJPo4/oyHsuQ6T9J5RUQha2HTvOvnHc3M4BQih25me4gx8uC0c2H1myTJ
LWz1WgO1eeJ5EC0QaYBS1+ZSny3ydMBJdTtD8LTfXDIns+CHp3IwZZLTU6MY3voo
BU2b3sCZrw9pKf9hsk3JwG5WsE3IHHItsSJydVqYSpxl9bw3gzot8nE89hx16yhI
vPKPRwibxlznFdzoJNK/dQroB2rrawmmtofHU8QFnlEfh/HFaCAkIkbUeD53Hmdo
3XQuxU0KIYpZhjJ1E4tdd4wbPx+dn/5TwyrCLWiI9Qdu3C56SnKvNyc+4wLpbaKx
TvsO8qu2U1jHE7TY80t5F5NvZv4YKBt6CdOxLAZDja8oiti2pd8Bu63ruUdrFuUS
5b2XDw7T8GL96qGMiczZHi2TpO4nuesrHVPiAP04iiNMIPzRIUYhfIKz73rBHiTE
sms5209yGQ==
=aIHu
-----END PGP SIGNATURE-----