That's great Alberto. Many thanks. I don't know why my search didn't find it!
Cheers, Graham -----Original Message----- From: Alberto Massari <albertomass...@tiscali.it> Sent: 28 May 2021 11:13 To: c-users@xerces.apache.org Subject: Re: Security vulnerability - CVE-2018-1311 Hi Graham, the issue is tracked by https://urldefense.proofpoint.com/v2/url?u=https-3A__issues.apache.org_jira_browse_XERCESC-2D2188&d=DwIC-g&c=cxWN2QSDopt5SklNfbjIjg&r=Wl61nXdRfIRnjZZNtPVJFuBXLtD4MireJC9mpFT6kgk&m=jJUjteQnpRWlk3YEuJwMW1sbMCXHiBIT9bZVtih0pa0&s=zrgZRhmRcX7pn684FSSzG8pY6tIjLsChmT5kzblDpAE&e= Alberto Il 28/05/21 11:21, BEEK Graham ha scritto: > Hi, > > I've just heard about this vulnerability in Xerces-C 3.2.2. > > Although I can see the advisory, there's no mention of it in the bug list. Is > this intentional? I was expecting some kind of analysis/response, if not a > fix. Looks like it was reported over a year ago. I'm not sure of the > timeframe of this sort of thing, maybe it needs to be verified before being > acted on? > > Anyway, I was just wondering what the state of it is and whether there's any > "official" response, even if it's still "we're looking at it". > > Cheers, > Graham > This message contains information that may be privileged or confidential and > is the property of the Capgemini Group. It is intended only for the person to > whom it is addressed. If you are not the intended recipient, you are not > authorized to read, print, retain, copy, disseminate, distribute, or use this > message or any part thereof. If you receive this message in error, please > notify the sender immediately and delete all copies of this message. >
