1. Forum
  2. Usenet
  3. LINUX.DEBIAN.CHANGES

  • Accepted libxml-security-java 2.0.10-2+deb11u1 (source) into proposed-u

    From Debian FTP Masters@21:1/5 to All on Mon Nov 15 20:20:02 2021
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    Format: 1.8
    Date: Sun, 14 Nov 2021 21:49:31 +0100
    Source: libxml-security-java
    Architecture: source
    Version: 2.0.10-2+deb11u1
    Distribution: bullseye-security
    Urgency: high
    Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
    Changed-By: Markus Koschany <apo@debian.org>
    Changes:
    libxml-security-java (2.0.10-2+deb11u1) bullseye-security; urgency=high
    .
    * Team upload.
    * Fix CVE-2021-40690:
    Apache Santuario - XML Security for Java is vulnerable to an issue where
    the "secureValidation" property is not passed correctly when creating a
    KeyInfo from a KeyInfoReference element. This allows an attacker to abuse
    an XPath Transform to extract any local .xml files in a RetrievalMethod
    element.
    Checksums-Sha1:
    f23f65ab00e41831be353a35d9124395842cae98 2741 libxml-security-java_2.0.10-2+deb11u1.dsc
    890a38522bb742a3a7c7f47373b3d8f62b3877fc 800416 libxml-security-java_2.0.10.orig.tar.xz
    e6b78891485a0619d69cce5c9dbbe24873389a20 9672 libxml-security-java_2.0.10-2+deb11u1.debian.tar.xz
    9762ac14142659dd8e2f34f2238a8dbfb617635d 13350 libxml-security-java_2.0.10-2+deb11u1_source.buildinfo
    Checksums-Sha256:
    20b00d9b8bf1ea95b421cc20fb006a6cbe248ee836df6b145d50d6c04eaffb0d 2741 libxml-security-java_2.0.10-2+deb11u1.dsc
    0f205c2e911e2b4a706d336d4b117beb1e416a272ec18bd77505f68bd000d158 800416 libxml-security-java_2.0.10.orig.tar.xz
    571f7728edb6ec57fe029f3c801dfec3c7fd13d06785dfebf6635a5a90dc00e2 9672 libxml-security-java_2.0.10-2+deb11u1.debian.tar.xz
    300e4cf6ab7f4cf546b031b5ec61d7f3baaefd233edc916cac72f205174f5fe1 13350 libxml-security-java_2.0.10-2+deb11u1_source.buildinfo
    Files:
    d1ed00f15742b36baced3b3aa88730c6 2741 java optional libxml-security-java_2.0.10-2+deb11u1.dsc
    c7f34e2b20b5e634834a4ab0ce79d1e9 800416 java optional libxml-security-java_2.0.10.orig.tar.xz
    04fffbc5baa38e82105c244909c264f3 9672 java optional libxml-security-java_2.0.10-2+deb11u1.debian.tar.xz
    1ab58f97d618a96081db667ab0c2ae91 13350 java optional libxml-security-java_2.0.10-2+deb11u1_source.buildinfo

    -----BEGIN PGP SIGNATURE-----

    iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmGSMI5fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HkO6AP/RkhB1foPtQ/6TVw564/U/ttDA2pcP/m1g54 T+rwcm81li35Lh69qexupg/OrS85fx121J5n087ecu3Ec9EToep+UhwMY7+AKmm/ G1fgPNc1/GVYUk6bPjP2DRYXLgXuYEhzJuUqHvrIO7DdbvKKPDLxVqArqJU5Z3JA jT3J9gkDKO1hQ71kk+S/N4AZsqw8z5B8qE1bh+v+kJNE0EERWb3EZl0iuj02tGSv YEc4VBQhgstZHYNh6cz2XtUMrmjaVVOaQ2u1525aCuFwtvV7XW/B+xkZTg26zj4I fe59oTt9LiTHNA44Zb8NLF1N2BnNBgSarcD/I9g5BuE7XInnb/NuMkaLh9m0YgMr ocz3R5mo1r/r1/7PS8EULlCynhw4uYDgYw0AwHydF0X5IPBQ6h7AptDSBsjYogV2 TnhCeVdQSQOXFUcx3TucFzeOwJrDW3Kn4qxfbDzXsBWBpabijk+e8E+Se+ijpIAE wNoSe5x4BojX0Tv2VFkocmyToRnAj8PlQmTkPpf4ZoRmzuGe85JXJYy3N/rx+IMO rDmc1G59CmqDp05qBkwPVimEspXZe+vxwsVH3yd/UB288Jc3fEj/QHpntnFi0kWK u1KO7qs4EFHRazwihz+w1eH7N8chpvwPkM4sCYYM73R3QVIbOiCHM4LMqD9bOuuq
    QoyxNukh
    =5cf+
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)