Package "xmltooling"
Name: xmltooling
Description: This package is just an umbrella for a group of other packages, it has no description. Description samples from packages in group:
- C++ XML parsing library with encryption support (development)
- C++ XML parsing library with encryption support (API docs)
- C++ XML parsing library with encryption support (runtime)
- XML schemas for XMLTooling
Latest version: 1.5.6-2ubuntu0.3
Release: xenial (16.04)
Level: security
Repository: universe
Changelog
xmltooling (1.5.6-2ubuntu0.3) xenial-security; urgency=high

  * SECURITY UPDATE: uncaught exception on malformed XML declaration
    Invalid data in the XML declaration causes an exception of a type that
    was not handled properly in the parser class and propagates an
    unexpected exception type.
    This generally manifests as a crash in the calling code, which in the
    Service Provider software's case is usually the shibd daemon process,
    but can be Apache in some cases. Note that the crash occurs prior to
    evaluation of a message's authenticity, so can be exploited by an
    untrusted attacker.
    - debian/patches/CVE-2019-9628.patch
    - CVE-2019-9628
    - https://shibboleth.net/community/advisories/secadv_20190311.txt
    - LP: #1819912

 -- Etienne Dysli Metref <email address hidden>  Thu, 14 Mar 2019 11:56:34 +0100

LP #1819912: CVE-2019-9628 XML parser class fails to trap exceptions on malformed XML declaration
CVE-2019-9628: XML parser class fails to trap exceptions on malformed XML declaration

xmltooling (1.5.6-2ubuntu0.2) xenial-security; urgency=medium

  * SECURITY UPDATE: Upstream patch to fix CVE-2018-0489 (LP: #1752306)
    - d/p/Add-disallowDoctype-to-parser-configuration.patch:
      Generic protection against data forgery. Irrelevant under
      Xerces 3.1, but is a pre-req for the CVE-2018-0489 patch.
    - d/p/CVE-2018-0489-Fix-additional-data-forgery-flaws.patch:
      New patches fixing CVE-2018-0489: additional data forgery flaws.
      These flaws allow for changes to an XML document that do not break a
      digital signature but alter the user data passed through to applications
      enabling impersonation attacks and exposure of protected information.

 -- Ray Link <email address hidden>  Thu, 29 Mar 2018 15:17:35 -0400

LP #1752306: Security bug in XMLTooling-C before 1.6.4 [CVE-2018-0489]
CVE-2018-0489: Shibboleth XMLTooling-C before 1.6.4, as used in Shibboleth Service Provider before 2.6.1.4 on Windows and other products, mishandles digital signatu

xmltooling (1.5.6-2ubuntu0.1) xenial-security; urgency=medium

  * SECURITY UPDATE: Upstream patch to fix CVE-2018-0486 (LP: #1743762)
    - d/p/CVE-2018-0486-Block-entity-reference-nodes-during-unmarshalling.patch:
      Block entity reference nodes during unmarshalling.

 -- Ray Link <email address hidden>  Wed, 17 Jan 2018 17:48:31 -0500

LP #1743762: Security bug in XMLTooling-C before 1.6.3 [CVE-2018-0486]
CVE-2018-0486: Shibboleth XMLTooling-C before 1.6.3, as used in Shibboleth Service Provider before 2.6.0 on Windows and other products, mishandles digital signature