-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 24 Sep 2018 15:03:22 +0200
Source: dom4j
Binary: libdom4j-java libdom4j-java-doc
Architecture: source all
Version: 1.6.1+dfsg.3-2+deb9u1
Distribution: stretch
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 libdom4j-java - flexible XML framework for Java
 libdom4j-java-doc - documentation for libdom4j-java
Changes:
 dom4j (1.6.1+dfsg.3-2+deb9u1) stretch; urgency=high
 .
   * Team upload.
   * Fix CVE-2018-1000632:
     Mario Areias discovered that dom4j, a XML framework for Java, was
     vulnerable to a XML injection attack. An attacker able to specify
     attributes or elements in the XML document might be able to modify the
     whole XML document.
   * Compile with source/target 1.5 to fix a compilation issue with
     String.format.
   * Add testng to Build-Depends. Build and test AllowedCharsTest to verify
     that CVE-2018-1000632 is correctly addressed.