[ubuntu/trusty-security] xmltooling 1.5.3-2+deb8u3ubuntu0.1 (Accepted)

Eduardo dos Santos Barretto eduardo.barretto at canonical.com
Tue Mar 26 12:56:22 UTC 2019

xmltooling (1.5.3-2+deb8u3ubuntu0.1) trusty-security; urgency=high

  * SECURITY UPDATE: uncaught exception on malformed XML declaration
    Invalid data in the XML declaration causes an exception of a type that
    was not handled properly in the parser class and propagates an
    unexpected exception type.
    This generally manifests as a crash in the calling code, which in the
    Service Provider software's case is usually the shibd daemon process,
    but can be Apache in some cases. Note that the crash occurs prior to
    evaluation of a message's authenticity, so can be exploited by an
    untrusted attacker.
    - debian/patches/CVE-2019-9628.patch
    - CVE-2019-9628
    - https://shibboleth.net/community/advisories/secadv_20190311.txt
    - LP: #1819912

Date: 2019-03-21 17:39:32.483869+00:00
Changed-By: Etienne Dysli Metref <etienne.dysli-metref at switch.ch>
Signed-By: Eduardo dos Santos Barretto <eduardo.barretto at canonical.com>