Overview

File _patchinfo of Package patchinfo.5548

<patchinfo incident="5548">
  <issue id="979208" tracker="bnc">VUL-0: CVE-2016-2099: xerces: use-after-free in Xerces 3.1.3</issue>
  <issue id="985860" tracker="bnc">VUL-0: EMBARGOED: CVE-2016-4463: xerces-c: Apache Xerces-C XML Parser Crashes on Malformed DTD</issue>
  <issue id="2016-4463" tracker="cve" />
  <issue id="2016-2099" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>pjanouch</packager>
  <description>xerces-c was updated to fix one security issue.

This security issue was fixed:
- CVE-2016-2099: Use-after-free vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ did not properly handle exceptions raised in the XMLReader class, which allowed context-dependent attackers to have unspecified impact via an invalid character in an XML document (bsc#979208).
- CVE-2016-4463: Apache Xerces-C XML Parser crashed on malformed DTD (bnc#985860).
  
This update was imported from the SUSE:SLE-12:Update update project.</description>
  <summary>Security update for xerces-c</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places