Publishing details

Published on 2022-07-20
Copied from ubuntu bionic in PPA for Ubuntu Security Proposed by Fabian Toepfer

Changelog

libxml-security-java (2.0.10-2~18.04.1) bionic-security; urgency=medium

  * SECURITY UPDATE: XPath Transform
    - debian/patches/CVE-2021-40690.patch: Apache Santuario - XML Security for
      Java is vulnerable to an issue where the "secureValidation" property is
      not passed correctly when creating a KeyInfo from a KeyInfoReference
      element. This allows an attacker to abuse an XPath Transform to extract
      any local .xml files in a RetrievalMethod element.
    - CVE-2021-40690

 -- Fabian Toepfer <email address hidden>  Wed, 13 Jul 2022 13:56:56 +0200

Available diffs

Builds

amd64

Built packages

libxml-security-java Apache Santuario -- XML Security for Java

libxml-security-java-doc Documentation for Apache Santuario

Package files

libxml-security-java-doc_2.0.10-2~18.04.1_all.deb (802.7 KiB)
libxml-security-java_2.0.10-2~18.04.1.debian.tar.xz (9.6 KiB)
libxml-security-java_2.0.10-2~18.04.1.dsc (2.6 KiB)
libxml-security-java_2.0.10-2~18.04.1_all.deb (972.7 KiB)
libxml-security-java_2.0.10.orig.tar.xz (781.7 KiB)