[Git][security-tracker-team/security-tracker][master] CVE-2018-1311/xerces-c: reference RedHat fix, jessie postponed

Wed Mar 11 18:57:22 GMT 2020


Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
c12ae0e1 by Sylvain Beucler at 2020-03-11T19:54:53+01:00
CVE-2018-1311/xerces-c: reference RedHat fix, jessie postponed

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -131704,8 +131704,10 @@ CVE-2018-1312 (In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest a
 	NOTE: http://www.openwall.com/lists/oss-security/2018/03/24/7
 CVE-2018-1311 (The Apache Xerces-C 3.0.0 to 3.2.2 XML parser contains a use-after-fre ...)
 	- xerces-c <unfixed> (bug #947431)
+	[jessie] - xerces-c <postponed> (slow upstream interest, proper fix likely to break ABI compatibility)
 	NOTE: http://xerces.apache.org/xerces-c/secadv/CVE-2018-1311.txt
 	NOTE: https://issues.apache.org/jira/browse/XERCESC-2188
+	NOTE: http://vault.centos.org/7.7.1908/updates/Source/SPackages/xerces-c-3.1.1-10.el7_7.src.rpm (fix with possible memory leak)
 CVE-2018-1310 (Apache NiFi JMS Deserialization issue because of ActiveMQ client vulne ...)
 	NOT-FOR-US: Apache NiFi
 CVE-2018-1309 (Apache NiFi External XML Entity issue in SplitXML processor. Malicious ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c12ae0e1f0fd3f1b2b95df41683bc3f4baa9f1e3

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c12ae0e1f0fd3f1b2b95df41683bc3f4baa9f1e3
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200311/c50ecd97/attachment.html>
