Publishing details

Published on 2022-07-20
Copied from ubuntu focal in PPA for Ubuntu Security Proposed by Fabian Toepfer

Changelog

libxml-security-java (2.0.10-2+deb11u1build0.20.04.1) focal-security; urgency=medium

  * fake sync from Debian

libxml-security-java (2.0.10-2+deb11u1) bullseye-security; urgency=high

  * Team upload.
  * Fix CVE-2021-40690:
    Apache Santuario - XML Security for Java is vulnerable to an issue where
    the "secureValidation" property is not passed correctly when creating a
    KeyInfo from a KeyInfoReference element. This allows an attacker to abuse
    an XPath Transform to extract any local .xml files in a RetrievalMethod
    element.

 -- Fabian Toepfer <email address hidden>  Tue, 19 Jul 2022 01:06:52 +0200

Available diffs

diff from 2.0.10-2 (in Debian) to 2.0.10-2+deb11u1build0.20.04.1 (4.9 KiB)

Builds

amd64

Built packages

libxml-security-java Apache Santuario -- XML Security for Java

libxml-security-java-doc Documentation for Apache Santuario

Package files

libxml-security-java-doc_2.0.10-2+deb11u1build0.20.04.1_all.deb (802.8 KiB)
libxml-security-java_2.0.10-2+deb11u1build0.20.04.1.debian.tar.xz (9.5 KiB)
libxml-security-java_2.0.10-2+deb11u1build0.20.04.1.dsc (2.6 KiB)
libxml-security-java_2.0.10-2+deb11u1build0.20.04.1_all.deb (972.6 KiB)
libxml-security-java_2.0.10.orig.tar.xz (781.7 KiB)