xmltooling (1.5.6-2ubuntu0.2) xenial-security; urgency=medium
* SECURITY UPDATE: Upstream patch to fix CVE-2018-0489 (LP: #1752306)
- d/p/Add-disallowDoctype-to-parser-configuration.patch:
Generic protection against data forgery. Irrelevant under
Xerces 3.1, but is a pre-req for the CVE-2018-0489 patch.
- d/p/CVE-2018-0489-Fix-additional-data-forgery-flaws.patch:
New patches fixing CVE-2018-0489: additional data forgery flaws.
These flaws allow for changes to an XML document that do not break a
digital signature but alter the user data passed through to applications
enabling impersonation attacks and exposure of protected information.
Date: 2018-03-30 01:56:59.759236+00:00
Changed-By: Ray Link <[email protected]>
Signed-By: Ubuntu Archive Robot
<[email protected]>
https://launchpad.net/ubuntu/+source/xmltooling/1.5.6-2ubuntu0.2
Sorry, changesfile not available.
--
Xenial-changes mailing list
[email protected]
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/xenial-changes
