*** This bug is a security vulnerability *** Public security bug reported:
>From the Debian security advisory at https://www.debian.org/security/2018/dsa-4126 Kelby Ludwig and Scott Cantor discovered that the Shibboleth service provider is vulnerable to impersonation attacks and information disclosure due to incorrect XML parsing. For additional details please refer to the upstream advisory at https://shibboleth.net/community/advisories/secadv_20180227.txt For the oldstable distribution (jessie), this problem has been fixed in version 1.5.3-2+deb8u3. For the stable distribution (stretch), this problem has been fixed in version 1.6.0-4+deb9u1. We recommend that you upgrade your xmltooling packages. For the detailed security status of xmltooling please refer to its security tracker page at: https://security- tracker.debian.org/tracker/xmltooling This bug is fixed upstream in Debian ** Affects: xmltooling (Ubuntu) Importance: Undecided Status: New ** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1752306 Title: Security bug in XMLTooling-C before 1.6.4 [CVE-2018-0489] To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/xmltooling/+bug/1752306/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
