> So just for the record, the error is really a regression, it worked in
> 3.1.1 and the fix in trunk was this commit:
That's even stronger evidence that I have no business touching that code, I'm
afraid. So I would have to say that somebody who does know it needs to own it
and take care of appl
Hi
National Vulnerability Database
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2099
tracks
https://issues.apache.org/jira/browse/XERCESC-2066
as a Critical Vulnerability issue.
Does somebody know when it will be fixed in official patch?
Regards,
Vladimir.
---
> Does somebody know when it will be fixed in official patch?
Months ago?
http://svn.apache.org/viewvc?view=revision&revision=1747619
Red Hat still hasn't backported it to my knowledge.
-- Scott
> > Does somebody know when it will be fixed in official patch?
>
> Months ago?
>
> http://svn.apache.org/viewvc?view=revision&revision=1747619
Meant to link to advisory.
http://xerces.apache.org/xerces-c/secadv/CVE-2016-4463.txt
> -- Scott
--
Hi Scott,
I checked the Xerces 3.1.4 sources (src/xercesc/validators/DTD/DTDScanner.cpp).
The fix is missing in them.
const XMLCh nextCh = fReaderMgr->peekNextChar();
calls without try catch.
Will the fix be in Xerces 3.1.5?
Regards,
Vladimir.
-Original Message-
From: Cantor, Scott
> Hi Scott,
> I checked Xerces 3.1.4 sources(
> src/xercesc/validators/DTD/DTDScanner.cpp)
>
> The fix is missing in them.
> const XMLCh nextCh = fReaderMgr->peekNextChar();
> calls without try catch .
The fix I intended to apply is in 3.1.4 and I just verified that.
-- Scott
Thank you for the clarification.
Regards,
Vladimir.
-Original Message-
From: Cantor, Scott [mailto:canto...@osu.edu]
Sent: October-21-16 1:24 PM
To: c-dev@xerces.apache.org
Subject: RE: XERCESC-2066 (Exception handling mistake in DTDScanner)
> Hi Scott,
> I checked Xerces 3.1.4 sources(
>