Debian Package Tracker
Register | Log in
Subscribe

libxml-security-java

Apache Santuario -- XML Security for Java

Choose email to subscribe with

general
  • source: libxml-security-java (main)
  • version: 2.1.7-2
  • maintainer: Debian Java Maintainers (archive) (DMD)
  • uploaders: Varun Hiremath [DMD] – Torsten Werner [DMD] – Emmanuel Bourg [DMD]
  • arch: all
  • std-ver: 4.6.0
  • VCS: Git (Browse, QA)
versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]
[pool directory]
  • o-o-stable: 1.5.8-2
  • o-o-sec: 1.5.8-2+deb9u1
  • oldstable: 2.0.10-2
  • old-sec: 2.0.10-2+deb10u1
  • stable: 2.0.10-2+deb11u1
  • stable-sec: 2.0.10-2+deb11u1
  • testing: 2.1.7-2
  • unstable: 2.1.7-2
versioned links
  • 1.5.8-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 1.5.8-2+deb9u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 2.0.10-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 2.0.10-2+deb10u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 2.0.10-2+deb11u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 2.1.7-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
binaries
  • libxml-security-java
  • libxml-security-java-doc
action needed
A new upstream version is available: 3.0.0 high
A new upstream version 3.0.0 is available, you should consider packaging it.
Created: 2021-09-24 Last update: 2022-08-18 17:43
lintian reports 30 errors and 2 warnings high
Lintian reports 30 errors and 2 warnings about this package. You should make the package lintian clean getting rid of them.
Created: 2021-10-13 Last update: 2022-07-30 12:15
1 low-priority security issue in bullseye low

There is 1 open security issue in bullseye.

1 issue left for the package maintainer to handle:
  • CVE-2019-12400: (needs triaging) In version 2.0.3 Apache Santuario XML Security for Java, a caching mechanism was introduced to speed up creating new XML documents using a static pool of DocumentBuilders. However, if some untrusted code can register a malicious implementation with the thread context class loader first, then this implementation might be cached and re-used by Apache Santuario - XML Security for Java, leading to potential security flaws when validating signed documents, etc. The vulnerability affects Apache Santuario - XML Security for Java 2.0.x releases from 2.0.3 and all 2.1.x releases before 2.1.4.

You can find information about how to handle this issue in the security team's documentation.

Created: 2022-07-04 Last update: 2022-08-01 13:40
Standards version of the package is outdated. wishlist
The package should be updated to follow the last version of Debian Policy (Standards-Version 4.6.1 instead of 4.6.0).
Created: 2022-05-11 Last update: 2022-05-11 23:24
news
[rss feed]
  • [2021-11-20] libxml-security-java 2.1.7-2 MIGRATED to testing (Debian testing watch)
  • [2021-11-19] Accepted libxml-security-java 2.0.10-2+deb10u1 (source) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Debian FTP Masters) (signed by: Markus Koschany)
  • [2021-11-15] Accepted libxml-security-java 2.0.10-2+deb11u1 (source) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Markus Koschany)
  • [2021-11-15] Accepted libxml-security-java 2.0.10-2+deb10u1 (source) into oldstable->embargoed, oldstable (Debian FTP Masters) (signed by: Markus Koschany)
  • [2021-11-15] Accepted libxml-security-java 2.0.10-2+deb11u1 (source) into stable-security->embargoed, stable-security (Debian FTP Masters) (signed by: Markus Koschany)
  • [2021-11-14] Accepted libxml-security-java 2.1.7-2 (source) into unstable (Markus Koschany)
  • [2021-09-27] Accepted libxml-security-java 1.5.8-2+deb9u1 (source) into oldoldstable (Markus Koschany)
  • [2021-09-26] libxml-security-java 2.1.7-1 MIGRATED to testing (Debian testing watch)
  • [2021-09-23] Accepted libxml-security-java 2.1.7-1 (source) into unstable (Markus Koschany)
  • [2018-09-29] libxml-security-java 2.0.10-2 MIGRATED to testing (Debian testing watch)
  • [2018-09-24] Accepted libxml-security-java 2.0.10-2 (source) into unstable (Emmanuel Bourg)
  • [2018-07-30] libxml-security-java 2.0.10-1 MIGRATED to testing (Debian testing watch)
  • [2018-07-25] Accepted libxml-security-java 2.0.10-1 (source) into unstable (Emmanuel Bourg)
  • [2017-02-09] libxml-security-java 1.5.8-2 MIGRATED to testing (Debian testing watch)
  • [2017-02-06] Accepted libxml-security-java 1.5.8-2 (source) into unstable (Markus Koschany)
  • [2016-11-22] libxml-security-java 1.5.8-1 MIGRATED to testing (Debian testing watch)
  • [2016-11-16] Accepted libxml-security-java 1.5.8-1 (source all) into unstable (Emmanuel Bourg)
  • [2014-11-09] Accepted libxml-security-java 1.4.3-2+deb6u1 (source all) into squeeze-lts (Thorsten Alteholz)
  • [2014-11-07] Accepted libxml-security-java 1.4.5-1+deb7u1 (source all) into proposed-updates->stable-new, proposed-updates (Sebastien Delafond)
  • [2014-02-08] libxml-security-java 1.5.6-1 MIGRATED to testing (Debian testing watch)
  • [2014-02-02] Accepted libxml-security-java 1.5.6-1 (source all) (tony mancill)
  • [2014-02-01] libxml-security-java REMOVED from testing (Debian testing watch)
  • [2013-09-06] libxml-security-java 1.5.5-2 MIGRATED to testing (Debian testing watch)
  • [2013-08-26] Accepted libxml-security-java 1.5.5-2 (source all) (Emmanuel Bourg)
  • [2013-07-03] Accepted libxml-security-java 1.5.5-1 (source all) (Emmanuel Bourg)
  • [2013-04-28] Accepted libxml-security-java 1.5.4-1 (source all) (tony mancill)
  • [2011-09-11] libxml-security-java 1.4.5-1 MIGRATED to testing (Debian testing watch)
  • [2011-09-01] Accepted libxml-security-java 1.4.5-1 (source all) (Torsten Werner)
  • [2009-12-14] libxml-security-java 1.4.3-2 MIGRATED to testing (Debian testing watch)
  • [2009-12-03] Accepted libxml-security-java 1.4.3-2 (source all) (Niels Thykier) (signed by: Mehdi Dogguy)
  • 1
  • 2
bugs [bug history graph]
  • all: 0
links
  • homepage
  • lintian (30, 2)
  • buildd: logs, clang, reproducibility
  • popcon
  • browse source code
  • edit tags
  • other distros
  • security tracker
  • screenshots
ubuntu Ubuntu logo [Information about Ubuntu for Debian Developers]
  • version: 2.1.7-2

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers
Report problems to the tracker.debian.org pseudo-package in the Debian BTS.
Documentation — Bugs — Git Repository — Contributing