group.of.nepali.translators team mailing list archive

Thread
Date

[Bug 1752306] Re: Security bug in XMLTooling-C before 1.6.4 [CVE-2018-0489]

To: group.of.nepali.translators@xxxxxxxxxxxxxxxxxxx
From: Steve Beattie <sbeattie@xxxxxxxxxx>
Date: Tue, 20 Mar 2018 23:29:14 -0000
Reply-to: Bug 1752306 <1752306@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Fixed in bionic in
https://launchpad.net/ubuntu/+source/xmltooling/1.6.4-1ubuntu2.

Still needs to be addressed in xenial and artful.

** Also affects: xmltooling (Ubuntu Bionic)
   Importance: Undecided
       Status: Fix Released

** Also affects: xmltooling (Ubuntu Xenial)
   Importance: Undecided
       Status: New

** Also affects: xmltooling (Ubuntu Trusty)
   Importance: Undecided
       Status: New

** Also affects: xmltooling (Ubuntu Artful)
   Importance: Undecided
       Status: New

** Changed in: xmltooling (Ubuntu Trusty)
       Status: New => Fix Released

** Changed in: xmltooling (Ubuntu Xenial)
       Status: New => Incomplete

** Changed in: xmltooling (Ubuntu Artful)
       Status: New => Incomplete

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1752306

Title:
  Security bug in XMLTooling-C before 1.6.4 [CVE-2018-0489]

Status in xmltooling package in Ubuntu:
  Fix Released
Status in xmltooling source package in Trusty:
  Fix Released
Status in xmltooling source package in Xenial:
  Incomplete
Status in xmltooling source package in Artful:
  Incomplete
Status in xmltooling source package in Bionic:
  Fix Released

Bug description:
  From the Debian security advisory at
  https://www.debian.org/security/2018/dsa-4126

      Kelby Ludwig and Scott Cantor discovered that the Shibboleth
  service provider is vulnerable to impersonation attacks and
  information disclosure due to incorrect XML parsing. For additional
  details please refer to the upstream advisory at
  https://shibboleth.net/community/advisories/secadv_20180227.txt

      For the oldstable distribution (jessie), this problem has been
  fixed in version 1.5.3-2+deb8u3.

      For the stable distribution (stretch), this problem has been fixed
  in version 1.6.0-4+deb9u1.

      We recommend that you upgrade your xmltooling packages.

      For the detailed security status of xmltooling please refer to its
  security tracker page at: https://security-
  tracker.debian.org/tracker/xmltooling

  This bug is fixed upstream in Debian

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/xmltooling/+bug/1752306/+subscriptions