SALVETTI Djoume <[EMAIL PROTECTED]> wrote: >>From [CAN-2004-1575] : > > | The XML parser in Xerces-C++ 2.5.0 allows remote attackers to cause a > | denial of service (CPU consumption) via XML attributes in a crafted > | XML document. > > This problem have been fixed in version 2.6 of Xerces. > > It's not clear to me if prior versions ( xerces24, xerces23, xerces22, > xerces21) are also vulnerable. > > I can filed bugs if you think it's appropriate.
xerces22 isn't in debian. I maintain xerces23 and xerces24, so no need to file separate bugs. If you file against xerces21, feel free to CC me on it. --Jay -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
