UbuntuUpdates.org

Package "libxmltooling-dev"

Name: libxmltooling-dev

Description:

C++ XML parsing library with encryption support (development)

Latest version: 1.6.4-1ubuntu2.1
Release: bionic (18.04)
Level: security
Repository: universe
Head package: xmltooling
Homepage: https://wiki.shibboleth.net/confluence/display/OpenSAML/XMLTooling-C

Links


Download "libxmltooling-dev"


Other versions of "libxmltooling-dev" in Bionic

Repository Area Version
base universe 1.6.4-1ubuntu2
updates universe 1.6.4-1ubuntu2.1

Changelog

Version: 1.6.4-1ubuntu2.1 2019-03-26 14:06:39 UTC

  xmltooling (1.6.4-1ubuntu2.1) bionic-security; urgency=high

  * SECURITY UPDATE: uncaught exception on malformed XML declaration
    Invalid data in the XML declaration causes an exception of a type that
    was not handled properly in the parser class and propagates an
    unexpected exception type.
    This generally manifests as a crash in the calling code, which in the
    Service Provider software's case is usually the shibd daemon process,
    but can be Apache in some cases. Note that the crash occurs prior to
    evaluation of a message's authenticity, so can be exploited by an
    untrusted attacker.
    - debian/patches/CVE-2019-9628.patch
    - CVE-2019-9628
    - https://shibboleth.net/community/advisories/secadv_20190311.txt
    - LP: #1819912

 -- Etienne Dysli Metref <email address hidden> Thu, 14 Mar 2019 11:56:34 +0100

1819912 CVE-2019-9628 XML parser class fails to trap exceptions on malformed XML declaration
CVE-2019-9628 XML parser class fails to trap exceptions on malformed XML declaration



About   -   Send Feedback to @ubuntu_updates