Bug#548358: libxerces2-java: CVE-2009-2625 infinite loop denial of service in libxerces2-java
Joe Malicki
jmalicki at metacarta.com
Fri Sep 25 19:04:38 UTC 2009
Package: libxerces2-java
Version: 2.9.1-2
Severity: normal
Discussed here:
http://mail-archives.apache.org/mod_mbox/xerces-j-users/200908.mbox/thread
Michael Glavassevich claims this is fixed in Xerces Java subversion here:
http://marc.info/?l=xerces-cvs&m=124569778024398&w=2
-- System Information:
Debian Release: 5.0.2
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.26-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages libxerces2-java depends on:
ii libjaxp1.3-java 1.3.04-3 Java XML parser and transformer AP
ii sun-java5-jre [java2-runtim 1.5.0-17-0.1 Sun Java(TM) Runtime Environment (
ii sun-java6-jre [java2-runtim 6-12-1 Sun Java(TM) Runtime Environment (
Versions of packages libxerces2-java recommends:
ii libxerces2-java-gcj 2.9.1-2 Validating XML parser for Java wit
Versions of packages libxerces2-java suggests:
pn libxerces2-java-doc <none> (no description available)
-- no debconf information
More information about the pkg-java-maintainers
mailing list