-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : xmltooling Version : 1.4.2-5+deb7u3 CVE ID : CVE-2018-0489
Kelby Ludwig and Scott Cantor discovered that the Shibboleth service provider is vulnerable to impersonation attacks and information disclosure due to incorrect XML parsing. For additional details please refer to the upstream advisory at https://shibboleth.net/community/advisories/secadv_20180227.txt For Debian 7 "Wheezy", these problems have been fixed in version 1.4.2-5+deb7u3. We recommend that you upgrade your xmltooling packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlqXOi5fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeQvYg/9GqqBXM6DOkyTis2lMLTo25Vny89YCYEiFWNHFo0MKGHmxX3Py1nQaUpr OqrIT4ciz8nm1ddH/xGZA9OXqI7gRi+fvNVzp0XC0l0M8Z01L9NocCf5F7BsY8YI WB+tZa2IExp+yqahungYiiGa33D/WcRsOc2oULYxwdzqi4O89eAiyM6c5f+GEl9p 20mqh2dvDPK7zNSF9M+bkMNssi4kaoAXIwuWULEUqRTqhobzE+jGDs93zouMvuBT /mEvI/kFDNrMaRKXFMHna8o3wGo4X2a20Sv5NVWuJkmG/hruTpCmtQPrQZLKkBra 6onFoMn6l88vMTKL0QFH5wrQZ2Y2fuFFJ9SNJZZqUifWoFDHgF0CdyR2JdylrVOA jJNyGRhWf3fKyMD6mEZ/3vFLtFY72377ILD3piTvzZVp836jJhknwQvrMNvcsBga AXaZQx2fgAkJjQA4NmTIOMA6ruancx0xvyXQ4ftoiPlCdkLTIJK/J2irA6Qvaw06 S2kTLId1/ka5JepwxUqoToihGpgoHgDVTolJQg5n1YRJJPbaXdMIX0nzkmQKZnsa yjqRpTSDpH1ugyNJBj44Ck5W7+rqULdlQRxdFmE4MQlxmckmcEq3CUTCHGjWCIWl aBQ+RbsCwH27UiGMmrsoWcF5neCCJQACLrro5SIf9xEh6HY2uWY= =1G7g -----END PGP SIGNATURE-----
