group.of.nepali.translators team mailing list archive

[Steve Beattie <sbeattie@xxxxxxxxxx>]

Ubuntu 17.10 aka artful has reached the end of of its support lifetime,
closing artful's task. Thanks!

** Changed in: xmltooling (Ubuntu Artful)
       Status: Incomplete => Won't Fix

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1752306

Title:
  Security bug in XMLTooling-C before 1.6.4 [CVE-2018-0489]

Status in xmltooling package in Ubuntu:
  Fix Released
Status in xmltooling source package in Trusty:
  Fix Released
Status in xmltooling source package in Xenial:
  Fix Released
Status in xmltooling source package in Artful:
  Won't Fix
Status in xmltooling source package in Bionic:
  Fix Released

Bug description:
  From the Debian security advisory at
  https://www.debian.org/security/2018/dsa-4126

      Kelby Ludwig and Scott Cantor discovered that the Shibboleth
  service provider is vulnerable to impersonation attacks and
  information disclosure due to incorrect XML parsing. For additional
  details please refer to the upstream advisory at
  https://shibboleth.net/community/advisories/secadv_20180227.txt

      For the oldstable distribution (jessie), this problem has been
  fixed in version 1.5.3-2+deb8u3.

      For the stable distribution (stretch), this problem has been fixed
  in version 1.6.0-4+deb9u1.

      We recommend that you upgrade your xmltooling packages.

      For the detailed security status of xmltooling please refer to its
  security tracker page at: https://security-
  tracker.debian.org/tracker/xmltooling

  This bug is fixed upstream in Debian

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/xmltooling/+bug/1752306/+subscriptions