Copied from
ubuntu precise in
Private PPA for Ubuntu Security Team
by Ubuntu Archive Robot
Changelog
libxalan2-java (2.7.1-7ubuntu0.1) precise-security; urgency=medium
* SECURITY UPDATE: information disclosure or arbitrary code execution via
crafted XSLT programs
- debian/patches/CVE-2014-0107.patch: disable external general
entities, foreign attributes and access to the system properties in
src/org/apache/xalan/transformer/TransformerImpl.java,
src/org/apache/xalan/processor/XSLTElementProcessor.java,
src/org/apache/xalan/processor/TransformerFactoryImpl.java,
src/org/apache/xpath/functions/FuncSystemProperty.java.
- CVE-2014-0107
-- Marc Deslauriers <email address hidden> Mon, 31 Mar 2014 13:19:53 -0400