svn commit: r1732401 - in /xerces/c/branches/xerces-3.1/doc: html/secadv/CVE-2016-0729.txt secadv.xml

[sc...@apache.org]

Author: scantor
Date: Thu Feb 25 23:49:13 2016
New Revision: 1732401

URL: http://svn.apache.org/viewvc?rev=1732401&view=rev
Log:
Add latest security advisory.

Added:
    xerces/c/branches/xerces-3.1/doc/html/secadv/CVE-2016-0729.txt   (with props)
Modified:
    xerces/c/branches/xerces-3.1/doc/secadv.xml

Added: xerces/c/branches/xerces-3.1/doc/html/secadv/CVE-2016-0729.txt
URL: http://svn.apache.org/viewvc/xerces/c/branches/xerces-3.1/doc/html/secadv/CVE-2016-0729.txt?rev=1732401&view=auto
==============================================================================
--- xerces/c/branches/xerces-3.1/doc/html/secadv/CVE-2016-0729.txt (added)
+++ xerces/c/branches/xerces-3.1/doc/html/secadv/CVE-2016-0729.txt Thu Feb 25 23:49:13 2016
@@ -0,0 +1,48 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA256
+
+CVE-2016-0729: Apache Xerces-C XML Parser Crashes on Malformed Input
+
+Severity: Critical
+
+Vendor: The Apache Software Foundation
+
+Versions Affected: Apache Xerces-C XML Parser library versions
+prior to V3.1.3
+
+Description: The Xerces-C XML parser mishandles certain kinds of malformed
+input documents, resulting in buffer overlows during processing and error
+reporting. The overflows can manifest as a segmentation fault or as memory
+corruption during a parse operation. The bugs allow for a denial of service
+attack in many applications by an unauthenticated attacker, and could
+conceivably result in remote code execution.
+
+Mitigation: Applications that are using library versions older than
+V3.1.3 should upgrade as soon as possible. Distributors of older versions
+should apply the patches from this subversion revision:
+
+http://svn.apache.org/viewvc?view=revision&revision=1727978
+
+Credit: This issue was reported by Gustavo Grieco.
+
+References:
+http://xerces.apache.org/xerces-c/secadv/CVE-2016-0729.txt
+
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2
+
+iQIcBAEBCAAGBQJWzlsyAAoJEDeLhFQCJ3liUAsP/Rr4rBKVPxOw3+5JDiQWT27y
+/TT1kLFV+u6LtuBL3q6rwOIANquEMP1nJPVuYtceNF66xHi7eX6HZ8jZch6T+uvZ
+Bt+kUTOfG4PW1RLm83W1kof58PTI5mIYBWofAQzXm9TSyvoHF5GXWqzNyGOKauYN
+pto5xvJzEN5gM7DjbXF8OoIesNVaqCnr+9A2WmCCdNGNzSQLlUVDg9kDvXUdDvHD
++TXHDfgP8OSEYl5e3B3P5OV6SzUi2xdATR6zQgb1QANJy7FoK/FOP5+2J8ccultu
+mXlVHpsGlPoIi85nyKVykK3hTT4DyhqSwCa9ek3D5i7lIEk2dXxeevh90is3y/Al
+0GSUoG7yXbfe7xmlcUUghdYeYBP6JSOiOqAREUsKfY6nYo4XpGwvJRz/Xgk7iw9y
+p39sCIKuJBpqe1Vgy8ONeTFc0WZkkriq23n2oZ4zxoOImF5k44f01olZhA/wmE1P
+Wi6Qrafn6myUtp1TAXWoakfxJo0DgHfH6fazlmYSPHIyfLShrAcG6aETDn92KsDp
+gy4a5ulP/qpkncJrF2+XeM1wgQSTpUln2664fSwRw5whqg/PW/qGx+/1sltwOSQe
+l4bvQhr9xvkv+W++aPFgmJF3HW0Gnsglty6KQAcQ/RqheZ+/vL9buCqWw2xg4bkN
+BQJ4QvN4uaHIUxhzVfiL
+=vI5o
+-----END PGP SIGNATURE-----
+

Propchange: xerces/c/branches/xerces-3.1/doc/html/secadv/CVE-2016-0729.txt
------------------------------------------------------------------------------
    svn:eol-style = native

Modified: xerces/c/branches/xerces-3.1/doc/secadv.xml
URL: http://svn.apache.org/viewvc/xerces/c/branches/xerces-3.1/doc/secadv.xml?rev=1732401&r1=1732400&r2=1732401&view=diff
==============================================================================
--- xerces/c/branches/xerces-3.1/doc/secadv.xml (original)
+++ xerces/c/branches/xerces-3.1/doc/secadv.xml Thu Feb 25 23:49:13 2016
@@ -20,6 +20,14 @@
 
 <s1 title="Security Advisories">
 
+<s2 title="Addressed in 3.1.3 and Later Releases">
+<p>The following security advisories apply to versions of
+Xerces-C older than V3.1.3:</p>
+<ul>
+  <li><jump href="secadv/CVE-2016-0729.txt">CVE-2016-0729: Apache Xerces-C XML Parser Crashes on Malformed Input</jump></li>
+</ul>
+</s2>
+
 <s2 title="Addressed in 3.1.2 and Later Releases">
 <p>The following security advisories apply to versions of
 Xerces-C older than V3.1.2:</p>



---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@xerces.apache.org
For additional commands, e-mail: commits-help@xerces.apache.org