Format: 1.8
Date: Mon, 24 Sep 2018 15:03:22 +0200
Source: dom4j
Binary: libdom4j-java libdom4j-java-doc
Architecture: source all
Version: 1.6.1+dfsg.3-2+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 libdom4j-java - flexible XML framework for Java
 libdom4j-java-doc - documentation for libdom4j-java
Changes:
 dom4j (1.6.1+dfsg.3-2+deb8u1) jessie-security; urgency=high
 .
   * Team upload.
   * Fix CVE-2018-1000632:
     Mario Areias discovered that dom4j, an XML framework for Java, was
     vulnerable to an XML injection attack. An attacker able to specify
     attributes or elements in the XML document might be able to modify the
     whole XML document.
   * Compile with source/target 1.5 to fix a compilation issue with
     String.format.
   * Add testng to Build-Depends. Build and test AllowedCharsTest to verify
     that CVE-2018-1000632 is correctly addressed.