dom4j (1.6.1+dfsg.3-2ubuntu1.2) xenial-security; urgency=medium
* SECURITY UPDATE: XML injection attack
- debian/patches/07_disable_xsd_support.patch: Drop patch as dom4j is in
universe in xenial.
- debian/patches/CVE-2018-1000632.patch: Validate QName inputs - throw
IllegalArgumentException when qualified name contains disallowed
character.
- debian/patches/testng.patch: Build and test AllowedCharsTest to verify
that CVE-2018-1000632 is correctly addressed.
- debian/patches/fix_test_names.patch: Fix tests with invalid QNames.
- debian/control: Add testng, libmsv-java, and librelaxng-datatype-java to
build-deps.
- debian/rules: Add testng to ant target and add xsdlib to debian JARs.
- CVE-2018-1000632
Date: 2020-11-04 23:04:15.859744+00:00
Changed-By: Avital Ostromich <[email protected]>
https://launchpad.net/ubuntu/+source/dom4j/1.6.1+dfsg.3-2ubuntu1.2
Sorry, changesfile not available.
--
Xenial-changes mailing list
[email protected]
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/xenial-changes
