This bug was fixed in the package xmltooling - 1.5.6-2ubuntu0.2
---------------
xmltooling (1.5.6-2ubuntu0.2) xenial-security; urgency=medium
* SECURITY UPDATE: Upstream patch to fix CVE-2018-0489 (LP: #1752306)
- d/p/Add-disallowDoctype-to-parser-configuration.patch:
Generic protection against data forgery. Irrelevant under
Xerces 3.1, but is a pre-req for the CVE-2018-0489 patch.
- d/p/CVE-2018-0489-Fix-additional-data-forgery-flaws.patch:
New patches fixing CVE-2018-0489: additional data forgery flaws.
These flaws allow for changes to an XML document that do not break a
digital signature but alter the user data passed through to applications
enabling impersonation attacks and exposure of protected information.
-- Ray Link <rlink+launch...@cs.cmu.edu> Thu, 29 Mar 2018 15:17:35
-0400
** Changed in: xmltooling (Ubuntu Xenial)
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1752306
Title:
Security bug in XMLTooling-C before 1.6.4 [CVE-2018-0489]
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/xmltooling/+bug/1752306/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
