[ubuntu/bionic-updates] libxml-security-java 2.0.10-2~18.04.1 (Accepted)
Ubuntu Archive Robot
ubuntu-archive-robot at lists.canonical.com
Wed Jul 20 11:58:31 UTC 2022
libxml-security-java (2.0.10-2~18.04.1) bionic-security; urgency=medium
* SECURITY UPDATE: XPath Transform
- debian/patches/CVE-2021-40690.patch: Apache Santuario - XML Security for
Java is vulnerable to an issue where the "secureValidation" property is
not passed correctly when creating a KeyInfo from a KeyInfoReference
element. This allows an attacker to abuse an XPath Transform to extract
any local .xml files in a RetrievalMethod element.
- CVE-2021-40690
Date: 2022-07-19 13:38:09.017538+00:00
Changed-By: Fabian Toepfer <fabian.toepfer at canonical.com>
Maintainer: Debian Java Maintainers <pkg-java-maintainers at lists.alioth.debian.org>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/libxml-security-java/2.0.10-2~18.04.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the Bionic-changes
mailing list