Apache XML Security for Java could be tricked into validating spoofed
signatures ...
Debian Bug report logs - #720375
libxml-security-java: CVE-2013-2172
Package: libxml-security-java
Maintainer for libxml-security-java is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>; Source for libxml-security-java is src:libxml-security-java
Reported by: Salvatore Bonaccorso ...
Debian Bug report logs - #733938
libxml-security-java: CVE-2013-4517
Package: libxml-security-java
Maintainer for libxml-security-java is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>; Source for libxml-security-java is src:libxml-security-java
Reported by: Moritz Muehlenhoff & ...
James Forshaw discovered that, in Apache Santuario XML Security for
Java, CanonicalizationMethod parameters were incorrectly validated:
by specifying an arbitrary weak canonicalization algorithm, an
attacker could spoof XML signatures.
For the stable distribution (wheezy), this problem has been fixed in
version 145-1+deb7u1.
For the testing distr ...
Synopsis
Moderate: xml-security security update
Type/Severity
Security Advisory: Moderate
Topic
An updated xml-security package that fixes one security issue is now available for Red Hat JBoss Enterprise Application Platform 520 for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has ...
Synopsis
Moderate: xml-security security update
Type/Severity
Security Advisory: Moderate
Topic
An updated xml-security package that fixes one security issue is now available for Red Hat JBoss Web Platform 520 for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update ...
Synopsis
Moderate: Red Hat JBoss Enterprise Application Platform 611 update
Type/Severity
Security Advisory: Moderate
Topic
Red Hat JBoss Enterprise Application Platform 611, which fixes multiple security issues, various bugs, and adds enhancements, is now available for Red Hat Enterprise Linux 6. The Red ...
Synopsis
Moderate: Red Hat JBoss Enterprise Application Platform 611 update
Type/Severity
Security Advisory: Moderate
Topic
Red Hat JBoss Enterprise Application Platform 611, which fixes multiple security issues, various bugs, and adds enhancements, is now available for Red Hat Enterprise Linux 5. The Red ...