Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <dispatch@tracker.debian.org> , <debian-lts-changes@lists.debian.org>
Subject: Accepted libxml-security-java 1.5.8-2+deb9u1 (source) into oldoldstable
Date: Mon, 27 Sep 2021 12:10:13 +0000
Signed by: Markus Koschany <apo@debian.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 27 Sep 2021 12:06:01 +0200
Source: libxml-security-java
Architecture: source
Version: 1.5.8-2+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Changes:
 libxml-security-java (1.5.8-2+deb9u1) stretch-security; urgency=high
 .
   * Team upload.
   * Fix CVE-2021-40690:
     All versions of Apache Santuario are vulnerable to an issue where the
     "secureValidation" property is not passed correctly when creating a KeyInfo
     from a KeyInfoReference element. This allows an attacker to abuse an XPath
     Transform to extract any local .xml files in a RetrievalMethod element.
Checksums-Sha1:
 e09c22b6e68a8e2079457cb853f3efb39e0665a4 2705 libxml-security-java_1.5.8-2+deb9u1.dsc
 306eb1c5f9e02b659de033e2e1c2566bd02758b8 736924 libxml-security-java_1.5.8.orig.tar.xz
 a0aeca0e67ab79db7f05739d6a39bf30ce4eb668 8952 libxml-security-java_1.5.8-2+deb9u1.debian.tar.xz
 69830a5e5ae476afeace2ca8d58075900a4171e2 8288 libxml-security-java_1.5.8-2+deb9u1_source.buildinfo
Checksums-Sha256:
 7dbe7958432911d18e7dc6d5b940aebb1ff5113f892d9aca5aa300632beef8d4 2705 libxml-security-java_1.5.8-2+deb9u1.dsc
 de1aa2e06e9b5ecfe305e0088e0894b7c6528b27ec0070d2acd733d46646333d 736924 libxml-security-java_1.5.8.orig.tar.xz
 6859c7a9f2d8492474c5da939c580912d16297be61d6e623fb5be5dab58f1f49 8952 libxml-security-java_1.5.8-2+deb9u1.debian.tar.xz
 908a8dc19061b7c42253167aa4c8565cd336ab12765cd04a9a092979395f8db0 8288 libxml-security-java_1.5.8-2+deb9u1_source.buildinfo
Files:
 29cd5043afd4f83c4f33af13d591f052 2705 java optional libxml-security-java_1.5.8-2+deb9u1.dsc
 ec4269fd85aef5870f7a975c9db97be1 736924 java optional libxml-security-java_1.5.8.orig.tar.xz
 9f865d316750e9d677fe633a5c7cbbc5 8952 java optional libxml-security-java_1.5.8-2+deb9u1.debian.tar.xz
 5bced4e36fbe0d8ac6f733934362ec05 8288 java optional libxml-security-java_1.5.8-2+deb9u1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmFRsVFfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HkfGEQANG68EVXYrz3H0hNTepxkGJS0soa57w8ru4H
XlqTv27QJjVCH4Lar/RDLgRKRkRC7A37Bz6sBa8bg/uhO+eYp4ZcoPGFJvGOHUoq
bZMBwdGWRBtAQPl3oI26VHOkQEs71+FaT7SHIEM1NWbRGjogMOwwwGtkYJBIycBD
uHbYLRdeSkyQb36S5bOT1xoRyffeBfOoOMu3YqKAuwoxETPcD/4SQnlOkEvdklX+
zZaX3Evny8Rix014nYHougQ3D0IJA0LP58XaytZzFY7tURJtIK/8pByswNweRM5G
dU1P0qG38V6lPG+Xr+I0Qnjmfz/M0VJpwLf9SCAXYESeNXkxjWhdu0qoJ687zUDA
O9MKsQg5L6Bhppyurr4rw+QN26XO0Od0etQ5ZouwE+AfL9ar+C13FNy5rxrV9nNp
l9SjmuAwAELuOK4cnDtFAd8REXI9AAn6JnJlHIVBSJjQGAxtShofqXlYmMcyHr2C
Rt401c/u2mhUJ+QS6Sm5sUj1dIqw2yu+ihmwbvYkp4vubg/h+VWlBmRoU3ABzTSJ
hAQLw7qOrTjCiYAOgI1w5N1GlrcZ8njad+woohkpxUqSZcfwf2iFCIDNf6yjXvxi
73PzCUPCs8fLvA92pVSyN8BSL1Y7OQ2SKunh+C+IymArZfbagCfENvmNvF9gTf7Q
VgefR/h4
=n+Y3
-----END PGP SIGNATURE-----

News for package libxml-security-java