Posted to c-users@xerces.apache.org by BEEK Graham <gr...@capgemini.com.INVALID> on 2021/05/28 09:21:53 UTC
Security vulnerability - CVE-2018-1311
Hi,
I've just heard about this vulnerability in Xerces-C 3.2.2.
Although I can see the advisory, there's no mention of it in the bug list. Is this intentional? I was expecting some kind of analysis/response, if not a fix. Looks like it was reported over a year ago. I'm not sure of the timeframe of this sort of thing, maybe it needs to be verified before being acted on?
Anyway, I was just wondering what the state of it is and whether there's any "official" response, even if it's still "we're looking at it".
Cheers,
Graham
This message contains information that may be privileged or confidential and is the property of the Capgemini Group. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message.
RE: Security vulnerability - CVE-2018-1311
Posted by BEEK Graham <gr...@capgemini.com.INVALID>.
That's great Alberto. Many thanks. I don't know why my search didn't find it!
Cheers,
Graham
-----Original Message-----
From: Alberto Massari <al...@tiscali.it>
Sent: 28 May 2021 11:13
To: c-users@xerces.apache.org
Subject: Re: Security vulnerability - CVE-2018-1311
Hi Graham,
the issue is tracked by https://issues.apache.org/jira/browse/XERCESC-2188
Alberto
On 28/05/21 11:21, BEEK Graham wrote:
> Hi,
>
> I've just heard about this vulnerability in Xerces-C 3.2.2.
>
> Although I can see the advisory, there's no mention of it in the bug list. Is this intentional? I was expecting some kind of analysis/response, if not a fix. Looks like it was reported over a year ago. I'm not sure of the timeframe of this sort of thing, maybe it needs to be verified before being acted on?
>
> Anyway, I was just wondering what the state of it is and whether there's any "official" response, even if it's still "we're looking at it".
>
> Cheers,
> Graham
Re: Security vulnerability - CVE-2018-1311
Posted by Alberto Massari <al...@tiscali.it>.
Hi Graham,
the issue is tracked by https://issues.apache.org/jira/browse/XERCESC-2188
Alberto
On 28/05/21 11:21, BEEK Graham wrote:
> Hi,
>
> I've just heard about this vulnerability in Xerces-C 3.2.2.
>
> Although I can see the advisory, there's no mention of it in the bug list. Is this intentional? I was expecting some kind of analysis/response, if not a fix. Looks like it was reported over a year ago. I'm not sure of the timeframe of this sort of thing, maybe it needs to be verified before being acted on?
>
> Anyway, I was just wondering what the state of it is and whether there's any "official" response, even if it's still "we're looking at it".
>
> Cheers,
> Graham