[ubuntu/xenial-updates] xmltooling 1.5.6-2ubuntu0.2 (Accepted)

Ubuntu Archive Robot cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Mon Apr 2 13:58:09 UTC 2018


xmltooling (1.5.6-2ubuntu0.2) xenial-security; urgency=medium

  * SECURITY UPDATE: Upstream patch to fix CVE-2018-0489 (LP: #1752306)
    - d/p/Add-disallowDoctype-to-parser-configuration.patch:
      Generic protection against data forgery.  Irrelevant under
      Xerces 3.1, but is a pre-req for the CVE-2018-0489 patch.
    - d/p/CVE-2018-0489-Fix-additional-data-forgery-flaws.patch:
      New patches fixing CVE-2018-0489: additional data forgery flaws.
      These flaws allow for changes to an XML document that do not break a
      digital signature but alter the user data passed through to applications
      enabling impersonation attacks and exposure of protected information.

Date: 2018-03-30 01:56:59.759236+00:00
Changed-By: Ray Link <rlink+launchpad at cs.cmu.edu>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/xmltooling/1.5.6-2ubuntu0.2
-------------- next part --------------
Sorry, changesfile not available.


More information about the Xenial-changes mailing list