Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

libxml-security-java: CVE-2013-4517

Related Vulnerabilities: CVE-2013-4517   cve-2013-4517   CVE-2013-2172  

Source

Debian Bug report logs - #733938
libxml-security-java: CVE-2013-4517

version graph

Package: libxml-security-java; Maintainer for libxml-security-java is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>; Source for libxml-security-java is src:libxml-security-java (PTS, buildd, popcon).

Reported by: Moritz Muehlenhoff <jmm@inutil.org>

Date: Thu, 2 Jan 2014 12:51:01 UTC

Severity: grave

Tags: security

Fixed in version libxml-security-java/1.5.6-1

Done: tony mancill <tmancill@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>:
Bug#733938; Package libxml-security-java. (Thu, 02 Jan 2014 12:51:06 GMT) (full text, mbox, link).

Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>. (Thu, 02 Jan 2014 12:51:06 GMT) (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Moritz Muehlenhoff <jmm@inutil.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: libxml-security-java: CVE-2013-4517
Date: Thu, 02 Jan 2014 13:41:30 +0100
Package: libxml-security-java
Severity: grave
Tags: security
Justification: user security hole

Please see http://santuario.apache.org/secadv.data/cve-2013-4517.txt.asc

Please prepare updated oldstable-security/stable-securitypackages for this issue
and CVE-2013-2172 (as fixed in 1.5.5-2) and contact team@security.debian.org
http://www.debian.org/doc/manuals/developers-reference/pkgs.html#bug-security

Cheers,
        Moritz

Reply sent to tony mancill <tmancill@debian.org>:
You have taken responsibility. (Sun, 02 Feb 2014 19:21:09 GMT) (full text, mbox, link).

Notification sent to Moritz Muehlenhoff <jmm@inutil.org>:
Bug acknowledged by developer. (Sun, 02 Feb 2014 19:21:09 GMT) (full text, mbox, link).

Message #10 received at 733938-close@bugs.debian.org (full text, mbox, reply):

From: tony mancill <tmancill@debian.org>
To: 733938-close@bugs.debian.org
Subject: Bug#733938: fixed in libxml-security-java 1.5.6-1
Date: Sun, 02 Feb 2014 19:18:59 +0000
Source: libxml-security-java
Source-Version: 1.5.6-1

We believe that the bug you reported is fixed in the latest version of
libxml-security-java, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 733938@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
tony mancill <tmancill@debian.org> (supplier of updated libxml-security-java package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 02 Feb 2014 10:14:47 -0800
Source: libxml-security-java
Binary: libxml-security-java libxml-security-java-doc
Architecture: source all
Version: 1.5.6-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: tony mancill <tmancill@debian.org>
Description: 
 libxml-security-java - Apache Santuario
 libxml-security-java-doc - Documentation for Apache Santuario
Closes: 733938
Changes: 
 libxml-security-java (1.5.6-1) unstable; urgency=medium
 .
   * Team upload.
   * New upstream release.
     - Addresses CVE-2013-4517 (Closes: #733938)
   * Freshen pom.xml patch for new version.
Checksums-Sha1: 
 951f8ee41c0c2d511afef3927ba8dc5dd8732c14 2511 libxml-security-java_1.5.6-1.dsc
 31098e1477017735fa75b37e827f306d43283faa 1281978 libxml-security-java_1.5.6.orig.tar.gz
 30d987630b98e3bf40e00c823dc57ff41c050375 5016 libxml-security-java_1.5.6-1.debian.tar.xz
 8a99692e87bf8a08a3bd3a2c981d958afe305953 558412 libxml-security-java_1.5.6-1_all.deb
 4c03a212d72a329e545f2afec5e8a273f9305f81 2255970 libxml-security-java-doc_1.5.6-1_all.deb
Checksums-Sha256: 
 c860ec77c8038213a10028bf87252bdabc5607cd199891a2fc85b4b388cf4cb1 2511 libxml-security-java_1.5.6-1.dsc
 b83be20a6d49d95039ea5aa001288e73181b412021fda3b3f0c2e4dd64607816 1281978 libxml-security-java_1.5.6.orig.tar.gz
 a11ee7dcee4319af0d132accc050014d53710cd9e0a5e8acea5648e702bcc6aa 5016 libxml-security-java_1.5.6-1.debian.tar.xz
 e8e1c55b98fc9ec5181e33f7618a3cbc9beaace57ef1edaac38b43a44e8b96a2 558412 libxml-security-java_1.5.6-1_all.deb
 c37d6c06772bc9efc1d88f8c43f1d955109a2916c0c0b42c51cc0a01bfa10409 2255970 libxml-security-java-doc_1.5.6-1_all.deb
Files: 
 320d94aed325c1a6dedcdd12b95cdd6e 2511 java optional libxml-security-java_1.5.6-1.dsc
 311cd7b3d17eb99aa6bf46ba2e760190 1281978 java optional libxml-security-java_1.5.6.orig.tar.gz
 940a5ad29fbba0e9c6ef2edede2c02a4 5016 java optional libxml-security-java_1.5.6-1.debian.tar.xz
 23e70f8c3580256100cb76417f501bb8 558412 java optional libxml-security-java_1.5.6-1_all.deb
 850e5db6f0e739898a67635a636527c2 2255970 doc optional libxml-security-java-doc_1.5.6-1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJS7pk6AAoJECHSBYmXSz6WuywQAJn8eWX7B9A4eDRChhtf66+G
RmUU4ZZIa23kxFgTHeE/DNWeJmUgzgoG7FMlr/Bx2Z5Q/qMSou+Zd85E2g5L9eOo
PfPUbb/PkdLHN0axIUWP27ZLGLTJuSh/ew52xBI13OQnCMUzkO91AIo0IXcFLKoI
gk2i5/tIC8zE+61XYYYXH8gMs3nVLbT5lwCEOrh/OPIBOjZUIoxu4dJxDbmI3Ux6
A+D/KuBeiE5B9gHar8r2E4D9zhp8qFTVtdQ4qXaaCudRgDG9hVYzX726X70qXMrk
vBR9hkbNNp/qXeLVOJJlLjkbLiRsk+XuJMKtDv5bd+9+mSk77vSONX0il4e/9SnH
cL//57zryIIn0Cu3sBkMia6uq+PHfHcINiiNJIgFoY4u30hBa7O/SfC/iD0u/5bE
M8cfsiFhc4n/oMgyxDld2eQohzie5D1Lsx1Md2iC1feSCy82nEy0O5nmZWKJZvhe
uQQgnW9SsOReYlkl+j59FeyRl/z+xcbKxHqdFofR+TQ4ELZQJu04iw8DME3fj0uW
LC5tK+xG5bcJH1cj13M5QCc6R8+l4A2msZK2oqGwyQL6/OB/iBoagr5w1y6HXudu
fAGojDGXgrWWw0uedLQl9FLUcGBEt/JssBiLBxzOUApIkX7NU98kKc8uzJ4FqSqP
KWwHWyZLu1R52OjTu7sR
=2BAl
-----END PGP SIGNATURE-----

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 11 Jan 2015 07:28:59 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 13:13:45 2019; Machine Name: beach

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started