Author: scantor
Date: Thu Feb 25 23:49:13 2016
New Revision: 1732401

URL: http://svn.apache.org/viewvc?rev=1732401&view=rev
Log:
Add latest security advisory.
Added: xerces/c/branches/xerces-3.1/doc/html/secadv/CVE-2016-0729.txt (with props) Modified: xerces/c/branches/xerces-3.1/doc/secadv.xml Added: xerces/c/branches/xerces-3.1/doc/html/secadv/CVE-2016-0729.txt URL: http://svn.apache.org/viewvc/xerces/c/branches/xerces-3.1/doc/html/secadv/CVE-2016-0729.txt?rev=1732401&view=auto ============================================================================== --- xerces/c/branches/xerces-3.1/doc/html/secadv/CVE-2016-0729.txt (added) +++ xerces/c/branches/xerces-3.1/doc/html/secadv/CVE-2016-0729.txt Thu Feb 25 23:49:13 2016 
@@ -0,0 +1,48 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA256 + +CVE-2016-0729: Apache Xerces-C XML Parser Crashes on Malformed Input + +Severity: Critical + +Vendor: The Apache Software Foundation + +Versions Affected: Apache Xerces-C XML Parser library versions +prior to V3.1.3 + +Description: The Xerces-C XML parser mishandles certain kinds of malformed +input documents, resulting in buffer overlows during processing and error +reporting. The overflows can manifest as a segmentation fault or as memory +corruption during a parse operation. The bugs allow for a denial of service +attack in many applications by an unauthenticated attacker, and could +conceivably result in remote code execution. + +Mitigation: Applications that are using library versions older than +V3.1.3 should upgrade as soon as possible. Distributors of older versions +should apply the patches from this subversion revision: + +http://svn.apache.org/viewvc?view=revision&revision=1727978 + +Credit: This issue was reported by Gustavo Grieco. 
+ +References: +http://xerces.apache.org/xerces-c/secadv/CVE-2016-0729.txt + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2 + +iQIcBAEBCAAGBQJWzlsyAAoJEDeLhFQCJ3liUAsP/Rr4rBKVPxOw3+5JDiQWT27y +/TT1kLFV+u6LtuBL3q6rwOIANquEMP1nJPVuYtceNF66xHi7eX6HZ8jZch6T+uvZ +Bt+kUTOfG4PW1RLm83W1kof58PTI5mIYBWofAQzXm9TSyvoHF5GXWqzNyGOKauYN +pto5xvJzEN5gM7DjbXF8OoIesNVaqCnr+9A2WmCCdNGNzSQLlUVDg9kDvXUdDvHD ++TXHDfgP8OSEYl5e3B3P5OV6SzUi2xdATR6zQgb1QANJy7FoK/FOP5+2J8ccultu +mXlVHpsGlPoIi85nyKVykK3hTT4DyhqSwCa9ek3D5i7lIEk2dXxeevh90is3y/Al +0GSUoG7yXbfe7xmlcUUghdYeYBP6JSOiOqAREUsKfY6nYo4XpGwvJRz/Xgk7iw9y +p39sCIKuJBpqe1Vgy8ONeTFc0WZkkriq23n2oZ4zxoOImF5k44f01olZhA/wmE1P +Wi6Qrafn6myUtp1TAXWoakfxJo0DgHfH6fazlmYSPHIyfLShrAcG6aETDn92KsDp +gy4a5ulP/qpkncJrF2+XeM1wgQSTpUln2664fSwRw5whqg/PW/qGx+/1sltwOSQe +l4bvQhr9xvkv+W++aPFgmJF3HW0Gnsglty6KQAcQ/RqheZ+/vL9buCqWw2xg4bkN +BQJ4QvN4uaHIUxhzVfiL +=vI5o +-----END PGP SIGNATURE----- + Propchange: xerces/c/branches/xerces-3.1/doc/html/secadv/CVE-2016-0729.txt ------------------------------------------------------------------------------ svn:eol-style = native Modified: xerces/c/branches/xerces-3.1/doc/secadv.xml URL: http://svn.apache.org/viewvc/xerces/c/branches/xerces-3.1/doc/secadv.xml?rev=1732401&r1=1732400&r2=1732401&view=diff ============================================================================== --- xerces/c/branches/xerces-3.1/doc/secadv.xml (original) +++ xerces/c/branches/xerces-3.1/doc/secadv.xml Thu Feb 25 23:49:13 2016 
@@ -20,6 +20,14 @@ <s1 title="Security Advisories"> +<s2 title="Addressed in 3.1.3 and Later Releases"> +<p>The following security advisories apply to versions of +Xerces-C older than V3.1.3:</p> +<ul> + <li><jump href="secadv/CVE-2016-0729.txt">CVE-2016-0729: Apache Xerces-C XML Parser Crashes on Malformed Input</jump></li> +</ul> +</s2> + <s2 title="Addressed in 3.1.2 and Later Releases"> <p>The following security advisories apply to versions of Xerces-C older than V3.1.2:</p>
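Review bot: In the CVE-2016-0729.txt hunk, the Description paragraph misspells "overflows" as "overlows" ("resulting in buffer overlows during processing and error reporting"). The text is clearsigned, so any change to the signed body invalidates the signature; the fix has to be made in the unsigned source and the advisory signed again before it is committed. The title ("Crashes on Malformed Input") also reads milder than the Critical severity and the possible remote code execution stated in the Description, so consider aligning the two so that readers who triage by title do not under-prioritise the upgrade to V3.1.3.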
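Review bot: In the secadv.xml hunk, the new entry links to the relative path secadv/CVE-2016-0729.txt, while the advisory file in this commit is added under doc/html/secadv/ and secadv.xml itself lives in doc/. Please confirm that the generated page is published at a location from which that relative href resolves to the new file, since the hunk alone does not show it. The link text repeats the advisory title without the severity; adding "(Critical)" or similar to the list item would let readers of the index see the rating without opening the .txt file.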