OVAL Reference oval:com.ubuntu.disco:def:200937200000000

Oval Definition:

oval:com.ubuntu.disco:def:200937200000000

Revision Date:	2009-11-03	Version:	1
Title:	CVE-2009-3720 on Ubuntu 19.04 (disco) - low.
Description:	The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that trigger a buffer over-read, a different vulnerability than CVE-2009-2625.
Family:	unix	Class:	vulnerability
Status:		Reference(s):	CVE-2009-3720
Platform(s):	Ubuntu 19.04	Product(s):
Definition Synopsis
Ubuntu 19.04 (disco) is installed. AND Package Information apache2: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'code-not-compiled'). OR apr-util: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'code-not-compiled'). OR cadaver: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'reached end-of-life'). OR cmake: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'code-not-compiled'). OR coin3: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'reached end-of-life'). OR expat package in disco was vulnerable but has been fixed (note: '2.0.1-7ubuntu1'). OR ghostscript: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'code-not-compiled'). OR matanza: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'reached end-of-life'). OR paraview package in disco, is related to the CVE in some way and has been fixed (note: '3.8.1-1ubuntu1'). OR smart: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'code-not-compiled'). OR swish-e: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'reached end-of-life'). OR texlive-bin: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'code-not-compiled'). OR xmlrpc-c package in disco was vulnerable but has been fixed (note: '1.06.27-1ubuntu7'). OR xotcl: while related to the CVE in some way, a decision has been made to ignore this issue (note: 'reached end-of-life').

BACK