Format: 1.8
Date: Sun, 14 Nov 2021 21:49:31 +0100
Source: libxml-security-java
Architecture: source
Version: 2.0.10-2+deb10u1
Distribution: buster-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Changes:
 libxml-security-java (2.0.10-2+deb10u1) buster-security; urgency=high
 .
   * Team upload.
   * Fix CVE-2021-40690:
     Apache Santuario - XML Security for Java is vulnerable to an issue where
     the "secureValidation" property is not passed correctly when creating a
     KeyInfo from a KeyInfoReference element. This allows an attacker to abuse
     an XPath Transform to extract any local .xml files in a RetrievalMethod
     element.