Debian Security Advisory(Debian安全报告) DSA-4407-1

Posted 2021-02-13 iamsoscared

Package        : xmltooling

CVE ID         : CVE-2019-9628

 

Ross Geerlings发现xmltools库没有正确处理关于错误(畸形)XML声明上的异常，使用xmltools可能导致应用程序拒绝服务。

这个问题在1.6.0-4+deb9u2版本中得到了修复。

有关xmltools的详细安全状态，请参阅其安全跟踪器页面:https://secur-tracker.debian.org/tracker/xmltools

--------------------
Package        : xmltooling

CVE ID         : CVE-2019-9628

Ross Geerlings discovered that the XMLTooling library didn‘t correctly handle exceptions on malformed XML declarations, which could result in denial of service against the application using XMLTooling.

This problem has been fixed in version 1.6.0-4+deb9u2.

For the detailed security status of xmltooling please refer to its security tracker page at:https://security-tracker.debian.org/tracker/xmltooling