[Bug 1743762] Re: Security bug in XMLTooling-C before 1.6.3 [CVE-2018-0486]

2018-02-05 Thread Marc Deslauriers
I am unsubscribing ubuntu-security-sponsors for now since there is no artful debdiff to review. Please subscribe ubuntu-security-sponsors again once an appropriate debdiff is available. Thanks! ** Changed in: xmltooling (Ubuntu Bionic) Status: Triaged => Fix Released -- You received this

[Bug 1743762] Re: Security bug in XMLTooling-C before 1.6.3 [CVE-2018-0486]

2018-01-17 Thread Launchpad Bug Tracker
This bug was fixed in the package xmltooling - 1.5.6-2ubuntu0.1 --- xmltooling (1.5.6-2ubuntu0.1) xenial-security; urgency=medium * SECURITY UPDATE: Upstream patch to fix CVE-2018-0486 (LP: #1743762) - d/p/CVE-2018-0486-Block-entity-reference-nodes-during-unmarshalling.patch:

[Bug 1743762] Re: Security bug in XMLTooling-C before 1.6.3 [CVE-2018-0486]

2018-01-17 Thread Launchpad Bug Tracker
This bug was fixed in the package xmltooling - 1.5.3-2+deb8u2build0.14.04.1 --- xmltooling (1.5.3-2+deb8u2build0.14.04.1) trusty-security; urgency=medium * fake sync from Debian (LP: #1743762) xmltooling (1.5.3-2+deb8u2) jessie-security; urgency=high * [5c2845b] Add gbp.conf

[Bug 1743762] Re: Security bug in XMLTooling-C before 1.6.3 [CVE-2018-0486]

2018-01-17 Thread Ubuntu Foundations Team Bug Bot
The attachment "CVE-2018-0486.debdiff" seems to be a debdiff. The ubuntu-sponsors team has been subscribed to the bug report so that they can review and hopefully sponsor the debdiff. If the attachment isn't a patch, please remove the "patch" flag from the attachment, remove the "patch" tag, and

[Bug 1743762] Re: Security bug in XMLTooling-C before 1.6.3 [CVE-2018-0486]

2018-01-17 Thread Bert Van de Poel
Debian is working on patches for all of its stable repositories. See https://lists.alioth.debian.org/pipermail/pkg-shibboleth-devel/2018-January/thread.html for details.

[Bug 1743762] Re: Security bug in XMLTooling-C before 1.6.3 [CVE-2018-0486]

2018-01-17 Thread Ray Link
Here's a debdiff for Xenial. It is my understanding that Trusty can get a fakesync from Jessie. ** Patch added: "CVE-2018-0486.debdiff" https://bugs.launchpad.net/ubuntu/+source/xmltooling/+bug/1743762/+attachment/5038524/+files/CVE-2018-0486.debdiff

[Bug 1743762] Re: Security bug in XMLTooling-C before 1.6.3 [CVE-2018-0486]

2018-01-17 Thread Steve Beattie
** Also affects: xmltooling (Ubuntu Bionic) Importance: Undecided Status: Triaged
** Also affects: xmltooling (Ubuntu Trusty) Importance: Undecided Status: New
** Also affects: xmltooling (Ubuntu Xenial) Importance: Undecided Status: New
** Also affects: xmltooling

[Bug 1743762] Re: Security bug in XMLTooling-C before 1.6.3 [CVE-2018-0486]

2018-01-17 Thread Steve Beattie
** Changed in: xmltooling (Ubuntu) Status: Incomplete => Triaged -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1743762 Title: Security bug in XMLTooling-C before 1.6.3 [CVE-2018-0486] To

[Bug 1743762] Re: Security bug in XMLTooling-C before 1.6.3 [CVE-2018-0486]

2018-01-17 Thread Seth Arnold
Thanks for taking the time to report this bug and helping to make Ubuntu better. Since the package referred to in this bug is in universe or multiverse, it is community maintained. If you are able, I suggest coordinating with upstream and posting a debdiff for this issue. When a debdiff is

[Bug 1743762] Re: Security bug in XMLTooling-C before 1.6.3 [CVE-2018-0486]

2018-01-17 Thread Hans Joachim Desserud
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-0486