Format: 1.8 Date: Wed, 13 Jul 2022 13:56:56 +0200 Source: libxml-security-java Binary: libxml-security-java libxml-security-java-doc Architecture: all Version: 2.0.10-2~18.04.1 Distribution: bionic Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Fabian Toepfer Description: libxml-security-java - Apache Santuario -- XML Security for Java libxml-security-java-doc - Documentation for Apache Santuario Changes: libxml-security-java (2.0.10-2~18.04.1) bionic-security; urgency=medium . * SECURITY UPDATE: XPath Transform - debian/patches/CVE-2021-40690.patch: Apache Santuario - XML Security for Java is vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any local .xml files in a RetrievalMethod element. - CVE-2021-40690 Checksums-Sha1: 37a8d2c8e01548eac5740908061d3e475c738a88 822000 libxml-security-java-doc_2.0.10-2~18.04.1_all.deb 54ea0ed2f143f58cd6b9d7e5f62e75613580f7a2 996040 libxml-security-java_2.0.10-2~18.04.1_all.deb b5588053ac0c7872c4830cecbcadd8aa9ebefa94 15973 libxml-security-java_2.0.10-2~18.04.1_amd64.buildinfo Checksums-Sha256: 79ae6dd91aab15466a3bec724cb2b11be7b8c7229213ce39892187855ad3e4dc 822000 libxml-security-java-doc_2.0.10-2~18.04.1_all.deb df09dee57e154cfc281d42b5bff853d40beb740cddce32d19a4bcce1532cb7ba 996040 libxml-security-java_2.0.10-2~18.04.1_all.deb aaa83beb95b2d540f2fb40886ce3c1e6459525e93e0f6a2035d26a7d9a336c50 15973 libxml-security-java_2.0.10-2~18.04.1_amd64.buildinfo Files: e62e3eb7a851df19d920e64135902db2 822000 doc optional libxml-security-java-doc_2.0.10-2~18.04.1_all.deb 5ac0de9a40a561c5664d8e7fa189d979 996040 java optional libxml-security-java_2.0.10-2~18.04.1_all.deb bd00a6b006ca0f1384a6d1cf8cfef267 15973 java optional libxml-security-java_2.0.10-2~18.04.1_amd64.buildinfo