[ubuntu/xenial-updates] dom4j 1.6.1+dfsg.3-2ubuntu1.2 (Accepted)
Ubuntu Archive Robot
cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Thu Nov 5 16:28:12 UTC 2020
dom4j (1.6.1+dfsg.3-2ubuntu1.2) xenial-security; urgency=medium
* SECURITY UPDATE: XML injection attack
- debian/patches/07_disable_xsd_support.patch: Drop patch as dom4j is in
universe in xenial.
- debian/patches/CVE-2018-1000632.patch: Validate QName inputs - throw
IllegalArgumentException when qualified name contains disallowed
character.
- debian/patches/testng.patch: Build and test AllowedCharsTest to verify
that CVE-2018-1000632 is correctly addressed.
- debian/patches/fix_test_names.patch: Fix tests with invalid QNames.
- debian/control: Add testng, libmsv-java, and librelaxng-datatype-java to
build-deps.
- debian/rules: Add testng to ant target and add xsdlib to debian JARs.
- CVE-2018-1000632
Date: 2020-11-04 23:04:15.859744+00:00
Changed-By: Avital Ostromich <avital.ostromich at canonical.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/dom4j/1.6.1+dfsg.3-2ubuntu1.2
-------------- next part --------------
Sorry, changesfile not available.
More information about the Xenial-changes
mailing list