UbuntuUpdates.org

Package "libxml-security-java"

Name: libxml-security-java

Description:

Apache Santuario -- XML Security for Java

Latest version: 2.0.10-2~18.04.1
Release: bionic (18.04)
Level: security
Repository: universe
Homepage: http://santuario.apache.org

Links


Download "libxml-security-java"


Other versions of "libxml-security-java" in Bionic

Repository Area Version
base universe 1.5.8-2
updates universe 2.0.10-2~18.04.1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 2.0.10-2~18.04.1 2022-07-20 13:06:17 UTC

  libxml-security-java (2.0.10-2~18.04.1) bionic-security; urgency=medium

  * SECURITY UPDATE: XPath Transform
    - debian/patches/CVE-2021-40690.patch: Apache Santuario - XML Security for
      Java is vulnerable to an issue where the "secureValidation" property is
      not passed correctly when creating a KeyInfo from a KeyInfoReference
      element. This allows an attacker to abuse an XPath Transform to extract
      any local .xml files in a RetrievalMethod element.
    - CVE-2021-40690

 -- Fabian Toepfer <email address hidden> Wed, 13 Jul 2022 13:56:56 +0200

Source diff to previous version
CVE-2021-40690 All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is

Version: 2.0.10-2~18.04 2019-04-16 18:07:07 UTC

  libxml-security-java (2.0.10-2~18.04) bionic; urgency=medium

  * Backport for OpenJDK 11. LP: #1814133.




About   -   Send Feedback to @ubuntu_updates