Source: xerces-c
Version: 3.2.0+debian-2
Severity: grave
Tags: patch security upstream

Hi,

the following vulnerability was published for xerces-c.

CVE-2017-12627[0]:
| In Apache Xerces-C XML Parser library before 3.2.1, processing of
| external DTD paths can result in a null pointer dereference under
| certain conditions.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-12627
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12627
[1] https://svn.apache.org/viewvc?view=revision&revision=1819998
[2] https://xerces.apache.org/xerces-c/secadv/CVE-2017-12627.txt

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore