[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] Add CVE-2017-12627/xerces-c
Salvatore Bonaccorso
carnil at debian.org
Thu Mar 1 06:55:35 UTC 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d92c063c by Salvatore Bonaccorso at 2018-03-01T07:55:16+01:00
Add CVE-2017-12627/xerces-c
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -33975,8 +33975,11 @@ CVE-2017-12629 (Remote code execution occurs in Apache Solr before 7.1 with Apac
NOTE: Patch disallowing XXE: https://github.com/apache/lucene-solr/commit/926cc4d65b6d2cc40ff07f76d50ddeda947e3cc4
CVE-2017-12628 (The JMX server embedded in Apache James, also used by the command line ...)
NOT-FOR-US: Apache James
-CVE-2017-12627
+CVE-2017-12627 [Apache Xerces-C DTD vulnerability processing external paths]
RESERVED
+ - xerces-c <unfixed>
+ NOTE: https://svn.apache.org/viewvc?view=revision&revision=1819998
+ NOTE: https://xerces.apache.org/xerces-c/secadv/CVE-2017-12627.txt
CVE-2017-12626 (Apache POI in versions prior to release 3.17 are vulnerable to Denial ...)
- libapache-poi-java <unfixed> (bug #888651)
[stretch] - libapache-poi-java <no-dsa> (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d92c063cfdb4c186d18f545d93fb5aacb5426c39
---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d92c063cfdb4c186d18f545d93fb5aacb5426c39
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180301/7c748278/attachment.html>
More information about the Secure-testing-commits
mailing list