oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

ocaml-xml-light: hash table collisions CPU usage DoS CVE-2012-3514

From: Kurt Seifried <kseifried () redhat com>
Date: Mon, 20 Aug 2012 23:45:27 -0600
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Xml-Light has been moved to google code SVN here :
http://ocamllibs.googlecode.com/svn/trunk/xml-light/

I've applied a fix in r234 by using String Map instead of Hashtbl for
DTD proof.

Best,
Nicolas

Please use CVE-2012-3514 for this issue.



- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJQMyB2AAoJEBYNRVNeJnmT2LsP/R61a+0G7wbAr3wJ6UUrZnZQ
uxjWASbL1gPUQ0S/Oglo3VPBddgT63DiEHEZ43pjZAwe7kmfvPFCFNbWlGn7sfVT
M06U44AXArfmyBmutCJJl9iqPTIWN7lgC9QvrjMEcXc+rLod3gNodMiKVRSXhSkm
Kva9SOwI/iyVAhjSYlMGf/FVwhyOJb4eB3IqXGGaTheoVEoJyxrMoqOhI2+o8jnC
6r4paBkNs5N7MnjmoSnGWtra1Ndm6ZFG/d015LUcE4poU8D2nPkfQx8LaVMR7xPk
ZEaJNClAseZ0bcKRugxZ5ROlbkA1wW/2sGADV8MsdaQiC01dp1TgtqmlA4WFX1rr
wBUY5Y5ZzoEpmWHPAG7SsY1gN+rNiOQtAjXwxxX8N3YpclRE5N7a88YfoqfEPjAa
SkkePgXTHznIl+CQG5w4W+mtXd2Ui/HLnkdyLRUpq7/O/DVCgT3YJE/KUeyYGLuK
lHJ4NoJX2WV4BurhmfV0mMhyRJii0L/c7KzSwD+vR2A2D7fBOZMfGnDzL8lCTI9K
mTn0doedKWGVt+YjE+agOsKkOALGpHVlUmJQQnRDofEJ/gq4Mvi1/d9C0OWxYokY
qF7tp982t+fNVxJMGsums8sVhWrdnaSZAhjwiHuLMTPUP+O+UOIYCcW29wGwJrU1
hwhBkaWtQuw/j9nY7OM8
=CEnw
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: