This bug was fixed in the package xmltooling - 1.5.3-2+deb8u3ubuntu0.1 --------------- xmltooling (1.5.3-2+deb8u3ubuntu0.1) trusty-security; urgency=high
* SECURITY UPDATE: uncaught exception on malformed XML declaration Invalid data in the XML declaration causes an exception of a type that was not handled properly in the parser class and propagates an unexpected exception type. This generally manifests as a crash in the calling code, which in the Service Provider software's case is usually the shibd daemon process, but can be Apache in some cases. Note that the crash occurs prior to evaluation of a message's authenticity, so can be exploited by an untrusted attacker. - debian/patches/CVE-2019-9628.patch - CVE-2019-9628 - https://shibboleth.net/community/advisories/secadv_20190311.txt - LP: #1819912 -- Etienne Dysli Metref <etienne.dysli-met...@switch.ch> Thu, 14 Mar 2019 11:56:34 +0100 ** Changed in: xmltooling (Ubuntu Trusty) Status: In Progress => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1819912 Title: CVE-2019-9628 XML parser class fails to trap exceptions on malformed XML declaration Status in xmltooling package in Ubuntu: Fix Released Status in xmltooling source package in Trusty: Fix Released Status in xmltooling source package in Xenial: Fix Released Status in xmltooling source package in Bionic: Fix Released Status in xmltooling package in Debian: Fix Released Bug description: https://shibboleth.net/community/advisories/secadv_20190311.txt https://issues.shibboleth.net/jira/browse/CPPXT-143 https://git.shibboleth.net/view/?p=cpp-xmltooling.git;a=commit;h=af27c422f551e16989ff6f1722d83614c8550eb5 https://security-tracker.debian.org/tracker/CVE-2019-9628 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/xmltooling/+bug/1819912/+subscriptions _______________________________________________ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp