A security issue in xerces-c has been announced today (May 9):
There is a proposed patch on the upstream bug report:
Mageia 5 is also affected.
Assigning to all packagers collectively, since there is no maintainer for this package.
Debian-LTS has issued an advisory for this on May 12:
Patched packages uploaded for Mageia 5 and Cauldron.
Testing ideas in Bug 17820.
Updated xerces-c packages fix security vulnerability:
Gustavo Grieco discovered a use-after-free vulnerability in xerces-c, due to
not properly handling invalid characters in XML input documents in the
Updated packages in core/updates_testing:
Tested this package before. Hope to get round to testing it later today.
Put enigma through its paces before updating and ran the parser program on a sample XML file.
Updated and found that enigma continued to work - an addictive game that - and the parser also functioned.
Reckon this is OK.
Created attachment 7814
Simple parser program to be run on the sample file
Original C++ code is omitted because it was copied from GitHub so there might be intellectual property rights attached to it.
This looks for sample.xml.
Application option A=10
Application option B=24
Created attachment 7815
Simple XML file with two stanzas
This goes with the parser program.
has_procedure MGA5-64-OK =>
has_procedure MGA5-64-OK advisory
An update for this issue has been pushed to the Mageia Updates repository.