*** This bug is a security vulnerability ***

Public security bug reported:

From the Debian bug report at
https://www.debian.org/security/2018/dsa-4085:

Philip Huppert discovered the Shibboleth service provider is vulnerable
to impersonation attacks and information disclosure due to mishandling
of DTDs in the XMLTooling XML parsing library. For additional details
please refer to the upstream advisory at
https://shibboleth.net/community/advisories/secadv_20180112.txt

For the oldstable distribution (jessie), this problem has been fixed in
version 1.5.3-2+deb8u2.

The stable distribution (stretch) is not affected.

We recommend that you upgrade your xmltooling packages.

For the detailed security status of xmltooling please refer to its
security tracker page at:
https://security-tracker.debian.org/tracker/xmltooling

This bug is fixed upstream in Debian.

** Affects: xmltooling (Ubuntu)
     Importance: Undecided
         Status: New

** Information type changed from Private Security to Public Security

https://bugs.launchpad.net/bugs/1743762

Title:
  Security bug in XMLTooling-C before 1.6.3 [CVE-2018-0486]
