Format: 1.8
Date: Sun, 14 Nov 2021 21:49:31 +0100
Source: libxml-security-java
Architecture: source
Version: 2.0.10-2+deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Changes:
 libxml-security-java (2.0.10-2+deb11u1) bullseye-security; urgency=high
 .
   * Team upload.
   * Fix CVE-2021-40690:
     Apache Santuario - XML Security for Java is vulnerable to an issue where
     the "secureValidation" property is not passed correctly when creating a
     KeyInfo from a KeyInfoReference element. This allows an attacker to abuse
     an XPath Transform to extract any local .xml files in a RetrievalMethod
     element.