Publishing details

Published on 2014-05-21
Copied from ubuntu precise in Private PPA for Ubuntu Security Team by Ubuntu Archive Robot

Changelog

libxalan2-java (2.7.1-7ubuntu0.1) precise-security; urgency=medium

  * SECURITY UPDATE: information disclosure or arbitrary code execution via
    crafted XSLT programs
    - debian/patches/CVE-2014-0107.patch: disable external general
      entities, foreign attributes and access to the system properties in
      src/org/apache/xalan/transformer/TransformerImpl.java,
      src/org/apache/xalan/processor/XSLTElementProcessor.java,
      src/org/apache/xalan/processor/TransformerFactoryImpl.java,
      src/org/apache/xpath/functions/FuncSystemProperty.java.
    - CVE-2014-0107
 -- Marc Deslauriers <email address hidden>   Mon, 31 Mar 2014 13:19:53 -0400

Available diffs

diff from 2.7.1-7 (in Debian) to 2.7.1-7ubuntu0.1 (2.3 KiB)

Builds

i386

Built packages

libxalan2-java XSL Transformations (XSLT) processor in Java

libxalan2-java-doc Documentation and examples for the Xalan-Java XSLT processor

libxsltc-java XSL Transformations (XSLT) compiler from Xalan-Java

Package files

libxalan2-java-doc_2.7.1-7ubuntu0.1_all.deb (4.7 MiB)
libxalan2-java_2.7.1-7ubuntu0.1.debian.tar.gz (17.7 KiB)
libxalan2-java_2.7.1-7ubuntu0.1.dsc (2.5 KiB)
libxalan2-java_2.7.1-7ubuntu0.1_all.deb (3.2 MiB)
libxalan2-java_2.7.1.orig.tar.gz (3.6 MiB)
libxsltc-java_2.7.1-7ubuntu0.1_all.deb (1.2 MiB)