-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3579-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso May 16, 2016 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : xerces-c CVE ID : CVE-2016-2099 Debian Bug : 823863 Gustavo Grieco discovered an use-after-free vulnerability in xerces-c, a validating XML parser library for C++, due to not properly handling invalid characters in XML input documents in the DTDScanner. For the stable distribution (jessie), this problem has been fixed in version 3.1.1-5.1+deb8u2. For the testing distribution (stretch), this problem has been fixed in version 3.1.3+debian-2. For the unstable distribution (sid), this problem has been fixed in version 3.1.3+debian-2. We recommend that you upgrade your xerces-c packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJXOW7JAAoJEAVMuPMTQ89Er9cP/iDY5XCVg4IgAwaogj7wgE7m sG6Bz7ZnUqil7Z9PXawCuxbV4kEsJbfRbz/+RntMfAKMidRttMj5wE8pgAkQwpkM ZxeA2hdNwC2n02s7jQNb2wIzNZT8VXUcslQEHIU+9r+zybUl+w8UolEz3quKaBiw pUW3R17ZTY0S7w5BZ34r4DSvRY4zk4+J94fKgsBgYlCX6E/ZCOYlMS61/ubzSHCh I6DLlBBu/cGJsCdfR0YvQuL63xhH+bCAd28IcS3MVQHG1xTu55J1hQ2M+cepzNi0 R7FhrrRmdfh62MKynZ+LXXsSlaP8254zJEdCaJXE8U0/gB2WKOw7mMcgArFBlBQx IytcZPiEHgEVBfRa/EJJnTXXtVoVr0Fv/7aOHRJIw9rAhpTL1b+FcudEWUgSAsaI OOn+nVNlG/BbvfVtFmukXGZ+M5jQI/Y5kRZrCZqYE2MqDRhP+b27t84tYD3TMo++ 0dWYNrjfVAvsBgJlo52+TyrMX4ndD++IE6JHchPe+v6IAQyWX79N8UkmrZxCfKKo KwiuLp+Jlss/+cnP+aJYp0SJlOfAg79rGJ98/97hrHrQSrtPmfvn6/trUr7xONXl MF7Jnanh/LoryxBoYL1vlxIEFhu6Rc/fzG7yAO58kw4fnKi2OwfnkaYsMYxHFE3o rirTluoIjCgkrmMSoAXS =D1tG -----END PGP SIGNATURE-----