Publishing details
Changelog
libxml-security-java (2.0.10-2+deb11u1build0.20.04.1) focal-security; urgency=medium
* fake sync from Debian
libxml-security-java (2.0.10-2+deb11u1) bullseye-security; urgency=high
* Team upload.
* Fix CVE-2021-40690:
Apache Santuario - XML Security for Java is vulnerable to an issue where
the "secureValidation" property is not passed correctly when creating a
KeyInfo from a KeyInfoReference element. This allows an attacker to abuse
an XPath Transform to extract any local .xml files in a RetrievalMethod
element.
-- Fabian Toepfer <email address hidden> Tue, 19 Jul 2022 01:06:52 +0200
Builds
Built packages
-
libxml-security-java
Apache Santuario -- XML Security for Java
-
libxml-security-java-doc
Documentation for Apache Santuario
Package files