Format: 1.8
Date: Mon, 27 Sep 2021 12:06:01 +0200
Source: libxml-security-java
Architecture: source
Version: 1.5.8-2+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Changes:
 libxml-security-java (1.5.8-2+deb9u1) stretch-security; urgency=high
 .
   * Team upload.
   * Fix CVE-2021-40690:
     All versions of Apache Santuario are vulnerable to an issue where the
     "secureValidation" property is not passed correctly when creating a KeyInfo
     from a KeyInfoReference element. This allows an attacker to abuse an XPath
     Transform to extract any local .xml files in a RetrievalMethod element.