[SECURITY] [DLA 1296-1] xmltooling security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 1296-1] xmltooling security update
From: Markus Koschany <apo@debian.org>
Date: Thu, 1 Mar 2018 00:24:30 +0100
Message-id: <[🔎] 10bf5d45-2023-40b6-ac7d-ad347b03c779@debian.org>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package : xmltooling
Version : 1.4.2-5+deb7u3
CVE ID : CVE-2018-0489

Kelby Ludwig and Scott Cantor discovered that the Shibboleth service
provider is vulnerable to impersonation attacks and information
disclosure due to incorrect XML parsing. For additional details please
refer to the upstream advisory at
https://shibboleth.net/community/advisories/secadv_20180227.txt

For Debian 7 "Wheezy", these problems have been fixed in version
1.4.2-5+deb7u3.

We recommend that you upgrade your xmltooling packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlqXOi5fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7
UeQvYg/9GqqBXM6DOkyTis2lMLTo25Vny89YCYEiFWNHFo0MKGHmxX3Py1nQaUpr
OqrIT4ciz8nm1ddH/xGZA9OXqI7gRi+fvNVzp0XC0l0M8Z01L9NocCf5F7BsY8YI
WB+tZa2IExp+yqahungYiiGa33D/WcRsOc2oULYxwdzqi4O89eAiyM6c5f+GEl9p
20mqh2dvDPK7zNSF9M+bkMNssi4kaoAXIwuWULEUqRTqhobzE+jGDs93zouMvuBT
/mEvI/kFDNrMaRKXFMHna8o3wGo4X2a20Sv5NVWuJkmG/hruTpCmtQPrQZLKkBra
6onFoMn6l88vMTKL0QFH5wrQZ2Y2fuFFJ9SNJZZqUifWoFDHgF0CdyR2JdylrVOA
jJNyGRhWf3fKyMD6mEZ/3vFLtFY72377ILD3piTvzZVp836jJhknwQvrMNvcsBga
AXaZQx2fgAkJjQA4NmTIOMA6ruancx0xvyXQ4ftoiPlCdkLTIJK/J2irA6Qvaw06
S2kTLId1/ka5JepwxUqoToihGpgoHgDVTolJQg5n1YRJJPbaXdMIX0nzkmQKZnsa
yjqRpTSDpH1ugyNJBj44Ck5W7+rqULdlQRxdFmE4MQlxmckmcEq3CUTCHGjWCIWl
aBQ+RbsCwH27UiGMmrsoWcF5neCCJQACLrro5SIf9xEh6HY2uWY=
=1G7g
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 1295-1] drupal7 security update
Previous by thread: [SECURITY] [DLA 1295-1] drupal7 security update
Index(es):
- Date
- Thread