DescriptionA flaw was found in xml-security due to insufficient verification of data authenticity. If an attacker manipulates the canonicalized version's DigestValue, the cryptographic signature on the SignedInfo tree could be forged.A flaw was found in xml-security due to insufficient verification of data authenticity. If an attacker manipulates the canonicalized version's DigestValue, the cryptographic signature on the SignedInfo tree could be forged.
Unless explicitly stated as not affected, all previous versions of packages in any minor update stream of a product listed here should be assumed vulnerable, although may not have been subject to full analysis.