Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
---|---|---|---|---|---|---|
cross_wchar.patch | no | |||||
Fix-NetAccessorTest-to-exit-with-non-zero-status-in-case-.patch | Fix NetAccessorTest to exit with non-zero status in case of error | Boris Kolpackov <boris@codesynthesis.com> | no | https://github.com/apache/xerces-c/commit/12eecd6b97840b3b49147f6c4245295d83c1198d | 2023-12-13 | |
CVE-2018-1311.patch | XERCESC-2188 - Use-after-free on external DTD scan (CVE-2018-1311) These are the instructions for observing the bug (before this commit): $ git clone https://github.com/apache/xerces-c.git $ cd xerces-c $ mkdir build $ cd build $ cmake -G "Unix Makefiles" -DCMAKE_BUILD_TYPE=Debug .. $ make -j8 $ cp ../samples/data/personal.xml . $ cat <<EOF >personal.dtd <?xml encoding="ISO-8859-1"?> <!ENTITY % nonExistentEntity SYSTEM "non-existent.ent"> %nonExistentEntity; EOF $ gdb samples/StdInParse (gdb) b IGXMLScanner.cpp:1544 (gdb) run <personal.xml 1544 fReaderMgr.pushReader(reader, declDTD); (gdb) p declDTD $1 = (xercesc_4_0::DTDEntityDecl *) 0x49ac68 (gdb) n 1547 dtdScanner.scanExtSubsetDecl(false, true); (gdb) n 1548 } (gdb) s ... (gdb) s # The Janitor is about to delete the above declDTD. 90 delete fData; (gdb) p fData $1 = (xercesc_4_0::DTDEntityDecl *) 0x49ac68 (gdb) b ReaderMgr.cpp:1024 (gdb) n ... (gdb) n # Now we about to dereference the deleted declDTD. 1024 if (curEntity && !curEntity->isExternal()) (gdb) p curEntity $2 = (const xercesc_4_0::XMLEntityDecl *) 0x49ac68 |
Karen Arutyunov <karen@codesynthesis.com> | yes | debian upstream | https://github.com/apache/xerces-c/commit/e0024267504188e42ace4dd9031d936786914835 | 2023-12-13 |