(Sorry, sent to the wrong list). Hi, With all respect for the work, may I ask if there is any possibility to include a short description of the package's functionality in the security errata report? There was one included in the past as far as I remember. I'd find it more than practical to have it because it gives a useful info to sysadmins about which are of the system is affected. Which software layer etc. Of course I could run a "yum info", just thought it may be good for everyone not having to. Andras On Mon, 29 Sep 2014 21:37:02 +0000 Pat Riehecky <[log in to unmask]> wrote: > Synopsis: Moderate: xerces-j2 security update > Advisory ID: SLSA-2014:1319-1 > Issue Date: 2014-09-29 > CVE Numbers: CVE-2013-4002 > -- > > A resource consumption issue was found in the way Xerces-J handled XML > declarations. A remote attacker could use an XML document with a specially > crafted declaration using a long pseudo-attribute name that, when parsed > by an application using Xerces-J, would cause that application to use an > excessive amount of CPU. (CVE-2013-4002) > > Applications using the Xerces-J must be restarted for this update to take > effect. > -- > > SL6 > x86_64 > xerces-j2-2.7.1-12.7.el6_5.x86_64.rpm > xerces-j2-debuginfo-2.7.1-12.7.el6_5.x86_64.rpm > xerces-j2-demo-2.7.1-12.7.el6_5.x86_64.rpm > xerces-j2-javadoc-apis-2.7.1-12.7.el6_5.x86_64.rpm > xerces-j2-javadoc-impl-2.7.1-12.7.el6_5.x86_64.rpm > xerces-j2-javadoc-other-2.7.1-12.7.el6_5.x86_64.rpm > xerces-j2-javadoc-xni-2.7.1-12.7.el6_5.x86_64.rpm > xerces-j2-scripts-2.7.1-12.7.el6_5.x86_64.rpm > i386 > xerces-j2-2.7.1-12.7.el6_5.i686.rpm > xerces-j2-debuginfo-2.7.1-12.7.el6_5.i686.rpm > xerces-j2-demo-2.7.1-12.7.el6_5.i686.rpm > xerces-j2-javadoc-apis-2.7.1-12.7.el6_5.i686.rpm > xerces-j2-javadoc-impl-2.7.1-12.7.el6_5.i686.rpm > xerces-j2-javadoc-other-2.7.1-12.7.el6_5.i686.rpm > xerces-j2-javadoc-xni-2.7.1-12.7.el6_5.i686.rpm > xerces-j2-scripts-2.7.1-12.7.el6_5.i686.rpm > > - Scientific Linux Development Team