xerces-c (3.2.3+debian-3ubuntu0.1) jammy-security; urgency=medium
* SECURITY UPDATE: use-after-free on external DTD scan
- debian/patches/CVE-2018-1311-mitigation.patch: remove CVE-2018-1311 fix
that also introduces memory leak.
- debian/patches/series: update series file to remove
CVE-2018-1311-mitigation.patch from the patch list.
- debian/patches/CVE-2018-1311.patch: resolve issue XERCESC-2188.
- CVE-2018-1311
* SECURITY UPDATE: integer overflows in DFAContentModel class
- debian/patches/CVE-2023-37536.patch: add limit checks to DFAContentModel
class methods and resolve issue XERCESC-2241.
- CVE-2023-37536
-- Camila Camargo de Matos <camila.camargodematos@canonical.com> Wed, 17 Jan 2024 07:41:34 -0300
xerces-c (3.2.3+debian-3build1) jammy; urgency=medium
* No-change rebuild for icu soname change.
-- Matthias Klose <doko@ubuntu.com> Wed, 09 Feb 2022 05:42:31 +0100
xerces-c (3.2.3+debian-3) unstable; urgency=medium
* Fix MemHandlerTest1 on 32-bit systems to compensate for CVE-2018-1311 fix
-- William Blough <bblough@debian.org> Mon, 14 Dec 2020 11:43:13 -0500
xerces-c (3.2.3+debian-2) unstable; urgency=medium
[ Sylvain Beucler ]
* CVE-2018-1311 mitigation: fix use-after-free vulnerability when
processing external DTD, at the expense of a memory leak. Users may
mitigate both by setting the XERCES_DISABLE_DTD environment variable.
[ William Blough ]
* Update d/watch to v4
* Update standards version to 4.5.1 (no changes)
-- William Blough <bblough@debian.org> Fri, 11 Dec 2020 11:22:23 -0500
xerces-c (3.2.3+debian-1) unstable; urgency=medium
* New upstream version 3.2.3+debian
-- William Blough <bblough@debian.org> Sat, 11 Apr 2020 15:34:02 -0400
xerces-c (3.2.2+debian-3) unstable; urgency=medium
* Bump version for source-only upload
-- William Blough <bblough@debian.org> Sun, 22 Mar 2020 14:31:48 -0400
xerces-c (3.2.2+debian-2) unstable; urgency=medium
[ Debian Janitor ]
* Drop unnecessary dependency on dh-autoreconf.
[ William Blough ]
* Move Java-related Build-Depends (for docs) to Build-Depends-Indep.
Closes: 947899
* Remove optimization bug workaround for s390x, since the bug no longer
appears to be present. Closes: 833754
* Update standards to 4.5.0 (no changes)
* Build-Depend on debhelper-compat instead of using debian/compat
* Update to debhelper 12
* Add a simple autopkgtest to verify that programs using xerces-c can
be built.
* Mark -doc package as Multi-Arch: foreign
* Mark -dev package as Multi-Arch: same
-- William Blough <bblough@debian.org> Tue, 17 Mar 2020 17:05:41 -0400
xerces-c (3.2.2+debian-1) unstable; urgency=medium
* New upstream version 3.2.2+debian Closes: 909202
* Add gbp.conf
* Update VCS URLs
* Update maintainer email
* Remove duplicate VCS URL
* Update standards to 4.2.1 (no changes needed)
-- William Blough <bblough@debian.org> Wed, 19 Sep 2018 15:19:49 -0400
xerces-c (3.2.1+debian-2) unstable; urgency=medium
* Fixes regression related to SSE2 detection/support, which
causes a baseline violation on i386. Closes: 895068
* Update to policy 4.1.4 (no changes)
* Update to debhelper compat 11
* Simplify installation of NOTICE files
-- William Blough <devel@blough.us> Thu, 26 Apr 2018 01:02:02 -0400
xerces-c (3.2.1+debian-1) unstable; urgency=medium
* New upstream release. Closes: 891841
Fixes CVE-2017-12627 Closes: 894050
* Update to policy 4.1.3 (no changes)
* Remove patch that was applied upstream
* Lintian fixes:
- remove trailing whitespace in changelog
- install NOTICE file
- change watch file to use https
-- William Blough <devel@blough.us> Wed, 28 Mar 2018 17:56:05 -0400
# For older changelog entries, run 'apt-get changelog libxerces-c3.2'
Generated by dwww version 1.14 on Mon Aug 25 08:54:01 CEST 2025.