This is an automated email from the ASF dual-hosted git repository.
scantor pushed a commit to branch xerces-3.3
in repository https://gitbox.apache.org/repos/asf/xerces-c.git
The following commit(s) were added to refs/heads/xerces-3.3 by this push:
new ab7a8599a Adjust security doc page.
ab7a8599a is described below
commit ab7a8599a15916c9de49525b730b82a6544cadff
Author: Scott Cantor <canto...@osu.edu>
AuthorDate: Thu Mar 6 08:25:24 2025 -0500
Adjust security doc page.
---
doc/secadv.xml | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/doc/secadv.xml b/doc/secadv.xml
index 09ec6e517..8aad7f9e5 100644
--- a/doc/secadv.xml
+++ b/doc/secadv.xml
@@ -36,12 +36,20 @@
</s2>
+<s2 title="Unaddressed Issues">
+<p>The following security advisories apply to all released versions and are not
+believed to have been addressed. The project does not vouch for the accuracy of
+any advisories created by third parties but will publish any that appear
credible.</p>
+<ul>
+ <li><jump href="secadv/CVE-2012-0880.txt">CVE-2012-0880: Apache Xerces-C
hash table collisions CPU usage DoS</jump></li>
+</ul>
+</s2>
+
<s2 title="Addressed in 3.2.5 and Later Releases">
<p>The following security advisories apply to versions of
Xerces-C older than V3.2.5:</p>
<ul>
<li><jump href="secadv/CVE-2018-1311.txt">CVE-2018-1311: Apache Xerces-C
use-after-free vulnerability scanning external DTD</jump></li>
- <li><jump href="secadv/CVE-2012-0880.txt">CVE-2012-0880: Apache Xerces-C
hash table collisions CPU usage DoS</jump></li>
</ul>
</s2>
---------------------------------------------------------------------
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org
