libxml-security-java 2.1.7-1 source package in Ubuntu
Changelog
libxml-security-java (2.1.7-1) unstable; urgency=high

  * Team upload.
  * New upstream version 2.1.7.
    - Fix CVE-2019-12400:
      In version 2.0.3 Apache Santuario XML Security for Java, a caching
      mechanism was introduced to speed up creating new XML documents using a
      static pool of DocumentBuilders. However, if some untrusted code can
      register a malicious implementation with the thread context class loader
      first, then this implementation might be cached and re-used by Apache
      Santuario - XML Security for Java, leading to potential security flaws
      when validating signed documents, etc. The vulnerability affects Apache
      Santuario - XML Security for Java 2.0.x releases from 2.0.3 and all 2.1.x
      releases before 2.1.4. (Closes: #935548)
    - Fix CVE-2021-40690:
      All versions of Apache Santuario - XML Security for Java prior to 2.2.3
      and 2.1.7 are vulnerable to an issue where the "secureValidation"
      property is not passed correctly when creating a KeyInfo from a
      KeyInfoReference element. This allows an attacker to abuse an XPath
      Transform to extract any local .xml files in a RetrievalMethod element.
      (Closes: #994569)
  * Switch to debhelper-compat = 13.
  * Declare compliance with Debian Policy 4.6.0.
  * Drop 0001-Recover-old-API-for-libitext5-java.patch. This appears to work
    now.
  * Add no-errorprone.patch and ignore errorprone core artifact.
  * Update debian/watch and detect new releases on github.com.
  * Remove old orig-tar.sh script and use the Files-Excluded mechanism instead.

 -- Markus Koschany <email address hidden>  Thu, 23 Sep 2021 23:29:16 +0200
Upload details
- Uploaded by: Debian Java Maintainers
- Uploaded to: Sid
- Original maintainer: Debian Java Maintainers
- Architectures: all
- Section: java
- Urgency: Very Urgent
Downloads
File | Size | SHA-256 Checksum |
---|---|---|
libxml-security-java_2.1.7-1.dsc | 2.6 KiB | e8141eb120d087bcfe15c71947549ba508e923287d29adf478eb4c369df71f52 |
libxml-security-java_2.1.7.orig.tar.xz | 736.5 KiB | 3ae6295caf43d9376e132b3d2fdea7c5a7af4a3c82554c257fc9b55426b2d6ee |
libxml-security-java_2.1.7-1.debian.tar.xz | 5.7 KiB | f370b63dff0ce82be0ba01391d885304cc13846b97e325edf78a8e4a12c1056d |
Available diffs
- diff from 2.0.10-2 to 2.1.7-1 (455.3 KiB)
No changes file available.
Binary packages built by this source
- libxml-security-java: Apache Santuario -- XML Security for Java
Apache Santuario supports XML-Signature Syntax and Processing, W3C
Recommendation 12 February 2002, and XML Encryption Syntax and Processing, W3C
Recommendation 10 December 2002. As of version 1.4, the Java library supports
the standard Java API JSR-105: XML Digital Signature APIs.
- libxml-security-java-doc: Documentation for Apache Santuario
Apache Santuario supports XML-Signature Syntax and Processing, W3C
Recommendation 12 February 2002, and XML Encryption Syntax and Processing, W3C
Recommendation 10 December 2002. As of version 1.4, the Java library supports
the standard Java API JSR-105: XML Digital Signature APIs.

This package contains the API documentation of libxml-security-java.