UbuntuUpdates.org

Package "xmltooling-schemas"

Name: xmltooling-schemas

Description: XML schemas for XMLTooling

Latest version: 1.5.6-2ubuntu0.3
Release: xenial (16.04)
Level: security
Repository: universe
Head package: xmltooling
Homepage: https://wiki.shibboleth.net/confluence/display/OpenSAML/XMLTooling-C

Other versions of "xmltooling-schemas" in Xenial

Repository  Area      Version
base        universe  1.5.6-2
updates     universe  1.5.6-2ubuntu0.3

Changelog

Version: 1.5.6-2ubuntu0.3 2019-03-26 14:06:37 UTC

  xmltooling (1.5.6-2ubuntu0.3) xenial-security; urgency=high

  * SECURITY UPDATE: uncaught exception on malformed XML declaration
    Invalid data in the XML declaration causes an exception of a type that
    was not handled properly in the parser class and propagates an
    unexpected exception type.
    This generally manifests as a crash in the calling code, which in the
    Service Provider software's case is usually the shibd daemon process,
    but can be Apache in some cases. Note that the crash occurs prior to
    evaluation of a message's authenticity, so can be exploited by an
    untrusted attacker.
    - debian/patches/CVE-2019-9628.patch
    - CVE-2019-9628
    - https://shibboleth.net/community/advisories/secadv_20190311.txt
    - LP: #1819912

 -- Etienne Dysli Metref <email address hidden> Thu, 14 Mar 2019 11:56:34 +0100

1819912 CVE-2019-9628 XML parser class fails to trap exceptions on malformed XML declaration
CVE-2019-9628 XML parser class fails to trap exceptions on malformed XML declaration

Version: 1.5.6-2ubuntu0.2 2018-04-02 15:06:40 UTC

  xmltooling (1.5.6-2ubuntu0.2) xenial-security; urgency=medium

  * SECURITY UPDATE: Upstream patch to fix CVE-2018-0489 (LP: #1752306)
    - d/p/Add-disallowDoctype-to-parser-configuration.patch:
      Generic protection against data forgery. Irrelevant under
      Xerces 3.1, but is a pre-req for the CVE-2018-0489 patch.
    - d/p/CVE-2018-0489-Fix-additional-data-forgery-flaws.patch:
      New patches fixing CVE-2018-0489: additional data forgery flaws.
      These flaws allow for changes to an XML document that do not break a
      digital signature but alter the user data passed through to applications
      enabling impersonation attacks and exposure of protected information.

 -- Ray Link <email address hidden> Thu, 29 Mar 2018 15:17:35 -0400

1752306 Security bug in XMLTooling-C before 1.6.4 [CVE-2018-0489]
CVE-2018-0489 Shibboleth XMLTooling-C before 1.6.4, as used in Shibboleth Service Provider before 2.6.1.4 on Windows and other products, mishandles digital signatu

Version: 1.5.6-2ubuntu0.1 2018-01-18 01:06:37 UTC

  xmltooling (1.5.6-2ubuntu0.1) xenial-security; urgency=medium

  * SECURITY UPDATE: Upstream patch to fix CVE-2018-0486 (LP: #1743762)
    - d/p/CVE-2018-0486-Block-entity-reference-nodes-during-unmarshalling.patch:
      Block entity reference nodes during unmarshalling.

 -- Ray Link <email address hidden> Wed, 17 Jan 2018 17:48:31 -0500

1743762 Security bug in XMLTooling-C before 1.6.3 [CVE-2018-0486]
CVE-2018-0486 Shibboleth XMLTooling-C before 1.6.3, as used in Shibboleth Service Provider before 2.6.0 on Windows and other products, mishandles digital signature


