Thanks for considering.

Andras

On Tue, 30 Sep 2014 08:51:59 -0500
Pat Riehecky wrote:

> Historically, SL has not included the more detailed description to try
> and cut to the heart of the security issue. Our focus being along the
> lines of "since we ship with security errata on by default, here is why
> this package is changing". We know everyone is busy and are hoping to
> get straight to the point.
>
> Putting the package background in the message is an interesting idea.
> We'll have to ponder it a bit....
>
> Thanks for the feedback!
>
> Pat
>
> On 09/30/2014 12:37 AM, Andras Horvath wrote:
> > (Sorry, sent to the wrong list).
> >
> > Hi,
> >
> > With all respect for the work, may I ask if there is any possibility to include a short description of the package's functionality in the security errata report? There was one included in the past as far as I remember. I'd find it more than practical to have it because it gives useful info to sysadmins about which area of the system is affected. Which software layer etc.
> >
> > Of course I could run a "yum info", just thought it may be good for everyone not having to.
> >
> >
> > Andras
> >
> >
> > On Mon, 29 Sep 2014 21:37:02 +0000
> > Pat Riehecky wrote:
> >
> >> Synopsis: Moderate: xerces-j2 security update
> >> Advisory ID: SLSA-2014:1319-1
> >> Issue Date: 2014-09-29
> >> CVE Numbers: CVE-2013-4002
> >> --
> >>
> >> A resource consumption issue was found in the way Xerces-J handled XML
> >> declarations. A remote attacker could use an XML document with a specially
> >> crafted declaration using a long pseudo-attribute name that, when parsed
> >> by an application using Xerces-J, would cause that application to use an
> >> excessive amount of CPU. (CVE-2013-4002)
> >>
> >> Applications using the Xerces-J must be restarted for this update to take
> >> effect.
> >> --
> >>
> >> SL6
> >> x86_64
> >> xerces-j2-2.7.1-12.7.el6_5.x86_64.rpm
> >> xerces-j2-debuginfo-2.7.1-12.7.el6_5.x86_64.rpm
> >> xerces-j2-demo-2.7.1-12.7.el6_5.x86_64.rpm
> >> xerces-j2-javadoc-apis-2.7.1-12.7.el6_5.x86_64.rpm
> >> xerces-j2-javadoc-impl-2.7.1-12.7.el6_5.x86_64.rpm
> >> xerces-j2-javadoc-other-2.7.1-12.7.el6_5.x86_64.rpm
> >> xerces-j2-javadoc-xni-2.7.1-12.7.el6_5.x86_64.rpm
> >> xerces-j2-scripts-2.7.1-12.7.el6_5.x86_64.rpm
> >> i386
> >> xerces-j2-2.7.1-12.7.el6_5.i686.rpm
> >> xerces-j2-debuginfo-2.7.1-12.7.el6_5.i686.rpm
> >> xerces-j2-demo-2.7.1-12.7.el6_5.i686.rpm
> >> xerces-j2-javadoc-apis-2.7.1-12.7.el6_5.i686.rpm
> >> xerces-j2-javadoc-impl-2.7.1-12.7.el6_5.i686.rpm
> >> xerces-j2-javadoc-other-2.7.1-12.7.el6_5.i686.rpm
> >> xerces-j2-javadoc-xni-2.7.1-12.7.el6_5.i686.rpm
> >> xerces-j2-scripts-2.7.1-12.7.el6_5.i686.rpm
> >>
> >> - Scientific Linux Development Team
> >