doc/secadv.xml - xerces-c - Git at Google

 <?xml version="1.0"  encoding="iso-8859-1" standalone="no"?>
 <!--
  * Licensed to the Apache Software Foundation (ASF) under one or more
  * contributor license agreements.  See the NOTICE file distributed with
  * this work for additional information regarding copyright ownership.
  * The ASF licenses this file to You under the Apache License, Version 2.0
  * (the "License"); you may not use this file except in compliance with
  * the License.  You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
 -->

 <!DOCTYPE s1 SYSTEM "sbk:/style/dtd/document.dtd">

 <s1 title="Security Advisories">

 <s2 title="Unaddressed Advisories">

 <p>The following security advisories apply to current versions of
 Xerces-C and have not been fixed, in most cases due to insufficient
 expertise or resources:</p>

 <ul>
   <li><jump href="secadv/CVE-2018-1311.txt">CVE-2018-1311: Apache Xerces-C use-after-free vulnerability scanning external DTD</jump></li>
 </ul>
 </s2>

 <s2 title="Addressed in 3.2.1 and Later Releases">
 <p>The following security advisories apply to versions of
 Xerces-C older than V3.2.1:</p>
 <ul>
   <li><jump href="secadv/CVE-2017-12627.txt">CVE-2017-12627: Apache Xerces-C DTD vulnerability processing external paths</jump></li>
 </ul>
 </s2>

 <s2 title="Addressed in 3.1.4 and Later Releases">
 <p>The following security advisories apply to versions of
 Xerces-C older than V3.1.4:</p>
 <ul>
   <li><jump href="secadv/CVE-2016-4463.txt">CVE-2016-4463: Apache Xerces-C XML Parser Crashes on Malformed DTD</jump></li>
 </ul>
 </s2>

 <s2 title="Addressed in 3.1.3 and Later Releases">
 <p>The following security advisories apply to versions of
 Xerces-C older than V3.1.3:</p>
 <ul>
   <li><jump href="secadv/CVE-2016-0729.txt">CVE-2016-0729: Apache Xerces-C XML Parser Crashes on Malformed Input</jump></li>
 </ul>
 </s2>

 <s2 title="Addressed in 3.1.2 and Later Releases">
 <p>The following security advisories apply to versions of
 Xerces-C older than V3.1.2:</p>
 <ul>
   <li><jump href="secadv/CVE-2015-0252.txt">CVE-2015-0252: Apache Xerces-C XML Parser Crashes on Malformed Input</jump></li>
 </ul>
 </s2>

 </s1>
	<?xml version="1.0" encoding="iso-8859-1" standalone="no"?>
	<!--
	* Licensed to the Apache Software Foundation (ASF) under one or more
	* contributor license agreements. See the NOTICE file distributed with
	* this work for additional information regarding copyright ownership.
	* The ASF licenses this file to You under the Apache License, Version 2.0
	* (the "License"); you may not use this file except in compliance with
	* the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	-->

	<!DOCTYPE s1 SYSTEM "sbk:/style/dtd/document.dtd">

	<s1 title="Security Advisories">

	<s2 title="Unaddressed Advisories">

	<p>The following security advisories apply to current versions of
	Xerces-C and have not been fixed, in most cases due to insufficient
	expertise or resources:</p>

	<ul>
	<li><jump href="secadv/CVE-2018-1311.txt">CVE-2018-1311: Apache Xerces-C use-after-free vulnerability scanning external DTD</jump></li>
	</ul>
	</s2>

	<s2 title="Addressed in 3.2.1 and Later Releases">
	<p>The following security advisories apply to versions of
	Xerces-C older than V3.2.1:</p>
	<ul>
	<li><jump href="secadv/CVE-2017-12627.txt">CVE-2017-12627: Apache Xerces-C DTD vulnerability processing external paths</jump></li>
	</ul>
	</s2>

	<s2 title="Addressed in 3.1.4 and Later Releases">
	<p>The following security advisories apply to versions of
	Xerces-C older than V3.1.4:</p>
	<ul>
	<li><jump href="secadv/CVE-2016-4463.txt">CVE-2016-4463: Apache Xerces-C XML Parser Crashes on Malformed DTD</jump></li>
	</ul>
	</s2>

	<s2 title="Addressed in 3.1.3 and Later Releases">
	<p>The following security advisories apply to versions of
	Xerces-C older than V3.1.3:</p>
	<ul>
	<li><jump href="secadv/CVE-2016-0729.txt">CVE-2016-0729: Apache Xerces-C XML Parser Crashes on Malformed Input</jump></li>
	</ul>
	</s2>

	<s2 title="Addressed in 3.1.2 and Later Releases">
	<p>The following security advisories apply to versions of
	Xerces-C older than V3.1.2:</p>
	<ul>
	<li><jump href="secadv/CVE-2015-0252.txt">CVE-2015-0252: Apache Xerces-C XML Parser Crashes on Malformed Input</jump></li>
	</ul>
	</s2>

	</s1>