[SECURITY] [DLA 85-1] libxml-security-java security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 85-1] libxml-security-java security update
From: Thorsten Alteholz <debian@alteholz.de>
Date: Sun, 9 Nov 2014 17:34:59 +0100 (CET)
Message-id: <[🔎] alpine.DEB.2.02.1411091711150.9700@jupiter.server.alteholz.net>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : libxml-security-java
Version        : 1.4.3-2+deb6u1
CVE ID         : CVE-2013-2172

James Forshaw discovered that, in Apache Santuario XML Security for
Java, CanonicalizationMethod parameters were incorrectly validated:
by specifying an arbitrary weak canonicalization algorithm, an
attacker could spoof XML signatures.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQJ8BAEBCgBmBQJUX5ezXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2MjAxRkJGRkRCQkRFMDc4MjJFQUJCOTY5
NkZDQUMwRDM4N0I1ODQ3AAoJEJb8rA04e1hH1v4QAKGeS8bqO5/cfenGziPC0+P2
/WUeCcKCGT26pwid48Hjdj855ozzrK6hTXD+a/9xxcd7kktI4h2SYVe1nbtc0NHa
ILb2b8YG+BBVC6JEpjVTXjsArhYe5a+qT9UsF3jIJqmjZaqHI3Ki6dlofI66kHWo
Lq2j8i2yWJgPEB0YPeTBSSJU40PyI51zT9z/MAlv9FuSvAvpyKOmyWl6LTeUiKfT
QwL89rrcoss+ii82mUYjtY3C5UxQJuNkPMKtpNJDwphtAJSu6VM2VxFyPTtmQK5T
3SBodu9jKh5o9u/0O0pstdAcpXzdPoIX32IGMIc3vuTZJQ4cf2IoXW385KKOv8MB
MXppUOdgypnIYiAJL6vBnx/t2zFe0KGubsDH5YOpqVg82gEpkYSqvbiteot8f55H
/35cKDdK0M/YyWcL8uCC+Vy0uITpWNCmpuWnMBn3BNhOnHetvSpEqTK/TSgnL9fQ
Bnrj3EZ2f8AOhBbA+2wlElxXbPWE/VLbHuAGbvPHg6RruEpOSV1Qm5Rn5hJnV2HI
hyuHWWt8uT19Y1LM8zByZjWZ8MWz0nW/rPnuYtiBwfKb4P4PZOYVQ/WP2B0my7Zj
huS/Td5bxecMokJkvs4lfZNDRyCjCUZLKt26AK0HWcake7Dt866nI1R7jrbv2HUl
apITwD7eqpw6KSiq2wcG
=p4Oh
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 84-1] curl security update
Next by Date: [SECURITY] [DLA 86-1] file security update
Previous by thread: [SECURITY] [DLA 84-1] curl security update
Next by thread: [SECURITY] [DLA 86-1] file security update
Index(es):
- Date
- Thread