Debian Security Advisory
DLA-85-1 libxml-security-java -- LTS security update
- Date Reported:
- 09 Nov 2014
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2013-2172.
- More information:
James Forshaw discovered that, in Apache Santuario XML Security for Java, CanonicalizationMethod parameters were incorrectly validated: by specifying an arbitrary weak canonicalization algorithm, an attacker could spoof XML signatures.
For Debian 6
Squeeze, these issues have been fixed in libxml-security-java version 1.4.3-2+deb6u1