Publishing details

Published on 2020-11-05
Copied from ubuntu xenial in PPA for Ubuntu Security Proposed by Avital Ostromich

Changelog

dom4j (1.6.1+dfsg.3-2ubuntu1.2) xenial-security; urgency=medium

  * SECURITY UPDATE: XML injection attack
    - debian/patches/07_disable_xsd_support.patch: Drop patch as dom4j is in
      universe in xenial.
    - debian/patches/CVE-2018-1000632.patch: Validate QName inputs - throw
      IllegalArgumentException when qualified name contains disallowed
      character.
    - debian/patches/testng.patch: Build and test AllowedCharsTest to verify
      that CVE-2018-1000632 is correctly addressed.
    - debian/patches/fix_test_names.patch: Fix tests with invalid QNames.
    - debian/control: Add testng, libmsv-java, and librelaxng-datatype-java to
      build-deps.
    - debian/rules: Add testng to ant target and add xsdlib to debian JARs.
    - CVE-2018-1000632

 -- Avital Ostromich <email address hidden>  Mon, 26 Oct 2020 13:04:45 -0400

Available diffs

diff from 1.6.1+dfsg.3-2ubuntu1.1 to 1.6.1+dfsg.3-2ubuntu1.2 (6.7 KiB)

Builds

amd64

Built packages

libdom4j-java flexible XML framework for Java

libdom4j-java-doc documentation for libdom4j-java

Package files

dom4j_1.6.1+dfsg.3-2ubuntu1.2.debian.tar.xz (14.1 KiB)
dom4j_1.6.1+dfsg.3-2ubuntu1.2.dsc (2.2 KiB)
dom4j_1.6.1+dfsg.3.orig.tar.gz (2.2 MiB)
libdom4j-java-doc_1.6.1+dfsg.3-2ubuntu1.2_all.deb (295.7 KiB)
libdom4j-java_1.6.1+dfsg.3-2ubuntu1.2_all.deb (334.7 KiB)