Package : xmltooling
CVE ID : CVE-2019-9628
Ross Geerlings发现xmltools库没有正确处理关于错误(畸形)XML声明上的异常,使用xmltools可能导致应用程序拒绝服务。
这个问题在1.6.0-4+deb9u2版本中得到了修复。
有关xmltools的详细安全状态,请参阅其安全跟踪器页面:https://secur-tracker.debian.org/tracker/xmltools
--------------------
Package : xmltooling
CVE ID : CVE-2019-9628
Ross Geerlings discovered that the XMLTooling library didn‘t correctly handle exceptions on malformed XML declarations, which could result in denial of service against the application using XMLTooling.
This problem has been fixed in version 1.6.0-4+deb9u2.
For the detailed security status of xmltooling please refer to its security tracker page at:https://security-tracker.debian.org/tracker/xmltooling
Debian Security Advisory(Debian安全报告) DSA-4407-1
原文:https://www.cnblogs.com/iAmSoScArEd/p/10532858.html