-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 24 Sep 2018 15:03:22 +0200
Source: dom4j
Binary: libdom4j-java libdom4j-java-doc
Architecture: source all
Version: 1.6.1+dfsg.3-2+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Debian Java Maintainers
<pkg-java-maintain...@lists.alioth.debian.org>
Changed-By: Markus Koschany <a...@debian.org>
Description:
libdom4j-java - flexible XML framework for Java
libdom4j-java-doc - documentation for libdom4j-java
Changes:
dom4j (1.6.1+dfsg.3-2+deb8u1) jessie-security; urgency=high
.
* Team upload.
* Fix CVE-2018-1000632:
Mario Areias discovered that dom4j, a XML framework for Java, was
vulnerable to a XML injection attack. An attacker able to specify
attributes or elements in the XML document might be able to modify the
whole XML document.
* Compile with source/target 1.5 to fix a compilation issue with
String.format.
* Add testng to Build-Depends. Build and test AllowedCharsTest to verify that
CVE-2018-1000632 is correctly addressed.
Checksums-Sha1:
b85ecaf69b2bdd39cf00b8c7585760b56bd70471 2475 dom4j_1.6.1+dfsg.3-2+deb8u1.dsc
205345af66946df5a33048395aaf50efb93dd88a 2315230 dom4j_1.6.1+dfsg.3.orig.tar.gz
77bdbfb6f509988983cd2eeddcad95f125254c3d 12712
dom4j_1.6.1+dfsg.3-2+deb8u1.debian.tar.xz
f339d24d1381a6aac38cef1aa498aa94ed6674f7 347998
libdom4j-java_1.6.1+dfsg.3-2+deb8u1_all.deb
0636ed748cfd11420f084670e4aba76a8f421265 155786
libdom4j-java-doc_1.6.1+dfsg.3-2+deb8u1_all.deb
Checksums-Sha256:
38d596a2bc1544187ec9e759123c408b937efc98481d056d23c10799592df114 2475
dom4j_1.6.1+dfsg.3-2+deb8u1.dsc
d586686e1888effa5eed9a2eb085bda534ed9387769079e4f9bc8fd2ab5da5ae 2315230
dom4j_1.6.1+dfsg.3.orig.tar.gz
37584d72c9a07a21fa057dd36d0e69124573f5d6e620ef5c19d5331405a9ed85 12712
dom4j_1.6.1+dfsg.3-2+deb8u1.debian.tar.xz
c3f8ebd77f2f355b2146fbf1fa381f5c1524990a7b43151fa5fb735c3b23f235 347998
libdom4j-java_1.6.1+dfsg.3-2+deb8u1_all.deb
f1e4561790daba7303d5ca5712f6834b4661980af5c9b5a6d827bdd5005b62a0 155786
libdom4j-java-doc_1.6.1+dfsg.3-2+deb8u1_all.deb
Files:
0f19a918966f21af686022b1c2dcf3f4 2475 java optional
dom4j_1.6.1+dfsg.3-2+deb8u1.dsc
82a729746a518e9958373c3c0280a686 2315230 java optional
dom4j_1.6.1+dfsg.3.orig.tar.gz
392503c86aee4fdabd5a730d853fee32 12712 java optional
dom4j_1.6.1+dfsg.3-2+deb8u1.debian.tar.xz
e526fe7d6795621050e7d00b32272e13 347998 java optional
libdom4j-java_1.6.1+dfsg.3-2+deb8u1_all.deb
7067540cb354f0c8d1c1203789622761 155786 doc optional
libdom4j-java-doc_1.6.1+dfsg.3-2+deb8u1_all.deb
-----BEGIN PGP SIGNATURE-----
iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlupHJxfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HkRYUP/2GlGxSNoIWysIYKF3e5Z5871FdQDH/sF4x1
t6uKGP3O9kjT637fBqJuQ8d2MQ2Crjhv6wFeaR11fVI1/rB2qnG1KtzRPd7+DH5f
j6m4xli8awHCphkS5BGGgtbTvmQyGmZwlq+hc29EykBooMYWQdmcA/WlQVvwEUps
kmCQpoAlgAZKvn59e+5HTw73ZHSn5h+Xb4QeJCKlpz6fk6/sdhXCsKlssIdj+zeO
3CyLEsoO7m3K+S/102Yey7YUZ/pRYxxsoWSQdkgtz5evXFfWBj7WkY5MAnnkK/Ec
K3kJOapP/1UZZ9vMXTRRjR3ZdW+mUvOYyr0LexQH3vYF9psAevP3iPSqhEqzJRey
hT84NuvszKhBrBepHMauu2IOKSO27TGL1H48KfPXK2d+sE2pfZ3Z2JIT3cxo5Omx
1ewuz3HiWIGvceJpeLDeulM/PNX56W5GrVfgsZrXIYaCzWuH9r+g4EW3rsd5LI+d
iSSgrzASy9/JzJnAIiKIbDi9FtN4lpL6XbVM+D+hifyKpWkWEqwjWltgFYrRCRPy
AyiWR1ZVRsyQzc4fq6DWtWTBHJ3jiqWo5KKR5u9wZfloam0J7aVMMnc+Fn/2FYQ/
jho+ciWSjkpw0+C2IZHPRzZ3k1ztPARtZRiXiZz0dNIMspMkRnhEQL29cma7thGc
s4s5gmjY
=R2L/
-----END PGP SIGNATURE-----
