Publishing details
Changelog
dom4j (1.6.1+dfsg.3-2ubuntu1.2) xenial-security; urgency=medium
* SECURITY UPDATE: XML injection attack
- debian/patches/07_disable_xsd_support.patch: Drop patch as dom4j is in
universe in xenial.
- debian/patches/CVE-2018-1000632.patch: Validate QName inputs - throw
IllegalArgumentException when qualified name contains disallowed
character.
- debian/patches/testng.patch: Build and test AllowedCharsTest to verify
that CVE-2018-1000632 is correctly addressed.
- debian/patches/fix_test_names.patch: Fix tests with invalid QNames.
- debian/control: Add testng, libmsv-java, and librelaxng-datatype-java to
build-deps.
- debian/rules: Add testng to ant target and add xsdlib to debian JARs.
- CVE-2018-1000632
-- Avital Ostromich <email address hidden> Mon, 26 Oct 2020 13:04:45 -0400
Builds
Built packages
-
libdom4j-java
flexible XML framework for Java
-
libdom4j-java-doc
documentation for libdom4j-java
Package files