group.of.nepali.translators team mailing list archive

[Marc Deslauriers <marc.deslauriers@xxxxxxxxxxxxx>]

I am unsubscribing ubuntu-security-sponsors for now since there is no
artful debdiff to review. Please subscribe ubuntu-security-sponsors
again once an appropriate debdiff is available. Thanks!

** Changed in: xmltooling (Ubuntu Bionic)
       Status: Triaged => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1743762

Title:
  Security bug in XMLTooling-C before 1.6.3 [CVE-2018-0486]

Status in xmltooling package in Ubuntu:
  Fix Released
Status in xmltooling source package in Trusty:
  Fix Released
Status in xmltooling source package in Xenial:
  Fix Released
Status in xmltooling source package in Artful:
  Triaged
Status in xmltooling source package in Bionic:
  Fix Released

Bug description:
  From the Debian bug report at
  https://www.debian.org/security/2018/dsa-4085:

      Philip Huppert discovered the Shibboleth service provider is
  vulnerable to impersonation attacks and information disclosure due to
  mishandling of DTDs in the XMLTooling XML parsing library. For
  additional details please refer to the upstream advisory at
  https://shibboleth.net/community/advisories/secadv_20180112.txt

      For the oldstable distribution (jessie), this problem has been
  fixed in version 1.5.3-2+deb8u2.

      The stable distribution (stretch) is not affected.

      We recommend that you upgrade your xmltooling packages.

      For the detailed security status of xmltooling please refer to its
  security tracker page at: https://security-
  tracker.debian.org/tracker/xmltooling

  
  This bug is fixed upstream in Debian.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/xmltooling/+bug/1743762/+subscriptions