1. Forum
  2. Usenet
  3. LINUX.DEBIAN.CHANGES

  • Accepted libxml-security-java 2.0.10-2+deb10u1 (source) into oldstable-

    From Debian FTP Masters@21:1/5 to All on Fri Nov 19 13:20:02 2021
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    Format: 1.8
    Date: Sun, 14 Nov 2021 21:49:31 +0100
    Source: libxml-security-java
    Architecture: source
    Version: 2.0.10-2+deb10u1
    Distribution: buster-security
    Urgency: high
    Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
    Changed-By: Markus Koschany <apo@debian.org>
    Changes:
    libxml-security-java (2.0.10-2+deb10u1) buster-security; urgency=high
    .
    * Team upload.
    * Fix CVE-2021-40690:
    Apache Santuario - XML Security for Java is vulnerable to an issue where
    the "secureValidation" property is not passed correctly when creating a
    KeyInfo from a KeyInfoReference element. This allows an attacker to abuse
    an XPath Transform to extract any local .xml files in a RetrievalMethod
    element.
    Checksums-Sha1:
    b7ac196bd95b7e6b7e0d13a920579876c81bf29e 2741 libxml-security-java_2.0.10-2+deb10u1.dsc
    890a38522bb742a3a7c7f47373b3d8f62b3877fc 800416 libxml-security-java_2.0.10.orig.tar.xz
    1431fc1a91be3e86c42c725588c9bbf6ff1fd2c2 9668 libxml-security-java_2.0.10-2+deb10u1.debian.tar.xz
    c693858d24eb973ba9fd7fb9ec2358dcfa90159d 13350 libxml-security-java_2.0.10-2+deb10u1_source.buildinfo
    Checksums-Sha256:
    4479296d85c68405014421065b9425b50d67543dfcd7f5d237fd129d91259d68 2741 libxml-security-java_2.0.10-2+deb10u1.dsc
    0f205c2e911e2b4a706d336d4b117beb1e416a272ec18bd77505f68bd000d158 800416 libxml-security-java_2.0.10.orig.tar.xz
    b46edc344496b1ef617a430c1524449e99bb6f775dc59acb860113f6d0655840 9668 libxml-security-java_2.0.10-2+deb10u1.debian.tar.xz
    77ecabab664272eb2ecb2f694d15d748c3ceb6cfc9522a891d6d050cb4ad1070 13350 libxml-security-java_2.0.10-2+deb10u1_source.buildinfo
    Files:
    915e2dad7f196e7c65a85078b4711eeb 2741 java optional libxml-security-java_2.0.10-2+deb10u1.dsc
    c7f34e2b20b5e634834a4ab0ce79d1e9 800416 java optional libxml-security-java_2.0.10.orig.tar.xz
    2e9b8fb6c7832cfea3d83fab5cc24e8a 9668 java optional libxml-security-java_2.0.10-2+deb10u1.debian.tar.xz
    3a358ddef5b90ab7165d5962c08ae05a 13350 java optional libxml-security-java_2.0.10-2+deb10u1_source.buildinfo

    -----BEGIN PGP SIGNATURE-----

    iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmGSMNNfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HkJVYQAJCnEIFUdlo1CqAlV0G8TVW9bc5+VQpZGEBN F3vCaENFqE9n1yczlAj3ya+q6VH7ARFnAfXuXxlG8IYbNJhyFU46UXbPBIYyw0WL A+sIKnZu61KbyWMj0I+XmO0zeO6TZSas1Ue6Ek7GitzZxLRCGQlSiRtpxXVzwC3V f6oW1ftOKlrUqlvBxI5Bwb91DQkfv9bSKn/F0begMYY8EiXiDVd8GdjLYA4SmDkz hk2mLyWndxA6PnQ3eYuWEpwcOEG/ueXhSlyPe7LzMLh7cvPnSA5ndfZwRLh4zDwP Zipxizf+cMAak/LWoOysC/D/yftL8qUCP6TpF+TwaVdOWQ22wyXgX9STK93BrvK9 dT9tWZIBs9q8fnhwYtATgR/Lxg8JiTeax9YE+Ej1Qc926jTb+1FGblfRmxC+J2a2 O34fj2p3OGdU9bOxdO1qvpM2ZIugBSInZLXvkSAtZVtoiwkUmvCUVUTBgzk/q26G 7LgRjm/wUrR5gQad/YIWUPaA37F0KSGN/0rSj93SwjUUg7UuPxyVBl8FwVO4jmIH AfCQLEwJPWkm3c2hUruuI1U+1cP21wby4OCnJrZyiHhmfZpL0KrYJF01OHq3rjjP 5643DICfx/Di8bJ5+09PxCZLP+P/aacvEFpk7q8XlKEPPjDBSfzuZtFxIZPB9KeM
    jasp2rJk
    =rVea
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)