[SECURITY] [DLA 1242-1] xmltooling security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 1242-1] xmltooling security update
From: Markus Koschany <apo@debian.org>
Date: Sun, 14 Jan 2018 23:09:31 +0100
Message-id: <[🔎] 899ef2df-0d18-7db3-cb12-12b46e068d39@debian.org>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : xmltooling
Version        : 1.4.2-5+deb7u2
CVE ID         : CVE-2018-0486

Philip Huppert discovered the Shibboleth service provider is vulnerable
to impersonation attacks and information disclosure due to mishandling
of DTDs in the XMLTooling XML parsing library. For additional details
please refer to the upstream advisory at

https://shibboleth.net/community/advisories/secadv_20180112.txt

For Debian 7 "Wheezy", these problems have been fixed in version
1.4.2-5+deb7u2.

We recommend that you upgrade your xmltooling packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlpb1RpfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7
UeRSwQ/+LiX/m9wQQy3onmJUz+bgV1syQ9Svrs4DAKYYDT0kEC6psVj+OG6xZFw4
l2MfVFb8tCdtUa6QVKEQs6QzfrakaTkjyjRSD9RIU/hbxuhlLCBlJUXZ+/j6hRwe
EIKwvHnIWcvPjhQU6zy2aQn+8EQpVwplui8OVvN+D6NAyWfWADp3SUkFRYj81vk6
23pHmHcqDXFn2daOBPW2H9GevPdy3StyAUblNTBkUzr6maTd5sHXg8HJA+Kophz6
jmZRdPPnsLaoy4hund6Ng5NMsyGOh6g2bYviKL0gf9PXbFNgaaX5T6TYFVPABjiP
YSCX1lUbfsmazygIgdoN6BoIvWFgepcFTesr6H6Zr9RU3eP4TioSYc28BQdSwrUX
sa8sRE1AWDd1Q1E/5m4xzJmCh6R/totl2lpebmRQ8Ob4mr9bVYokHE+HBYsoeN/N
UvozMzuL6IuYxDUONjDZ9f0+NakMSAQyPu+3Bs62G62PEF0iymP8nIIoSr7MwFvJ
BteiojUeYlegSK6bLNEH5YNC1HAVqvA+0A13cdHHgZq1He3zib1w5pul0PVFbGzH
/rsI3X8TXMwxIkq2CsBR2VQlDGjtVzB0DPGeuetVxsdlPeUZ6iz/Hp6W7VfvMLpb
GN7YoS9FEYxiaT0otSUyiG667L1heSjBItELDKDCusxb522TvDo=
=W3SL
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 1241-1] libkohana2-php security update
Next by Date: [SECURITY] [DLA 1244-1] ca-certificates update
Previous by thread: [SECURITY] [DLA 1241-1] libkohana2-php security update
Next by thread: [SECURITY] [DLA 1244-1] ca-certificates update
Index(es):
- Date
- Thread