[GitHub] [xerces-c] scantor commented on pull request #47: [XERCESC-2188] Fix potential double-free in usage of ReaderMgr::pushReader()

2023-08-22 Thread via GitHub
scantor commented on PR #47: URL: https://github.com/apache/xerces-c/pull/47#issuecomment-1688414268

> I will consider becoming a committer to this project to fix this vulnerability

Only if you're in it for the long haul, it's a commitment (pun intended) to actually sustain the code

[GitHub] [xerces-c] johnjamesmccann commented on pull request #47: [XERCESC-2188] Fix potential double-free in usage of ReaderMgr::pushReader()

2023-08-22 Thread via GitHub
johnjamesmccann commented on PR #47: URL: https://github.com/apache/xerces-c/pull/47#issuecomment-1688371818 [Apache-496067-disclosure-report.pdf](https://github.com/apache/xerces-c/files/12409994/Apache-496067-disclosure-report.pdf) Hello Scott here is the vulnerability report as

[GitHub] [xerces-c] johnjamesmccann commented on pull request #47: [XERCESC-2188] Fix potential double-free in usage of ReaderMgr::pushReader()

2023-08-22 Thread via GitHub
johnjamesmccann commented on PR #47: URL: https://github.com/apache/xerces-c/pull/47#issuecomment-1688282792 Thanks for your response Scott, How does it get to be known that the "fix is correct."? It appears that the tests are passing and there are no regressions. This hotfix is

[GitHub] [xerces-c] scantor commented on pull request #47: [XERCESC-2188] Fix potential double-free in usage of ReaderMgr::pushReader()

2023-08-22 Thread via GitHub
scantor commented on PR #47: URL: https://github.com/apache/xerces-c/pull/47#issuecomment-1688246591 It has not, and I don't think it's even known that the fix is correct.