Back to libxml-security-java PTS page

Accepted libxml-security-java 2.0.10-2+deb11u1 (source) into proposed-updates->stable-new, proposed-updates

To: debian-changes@lists.debian.org
Subject: Accepted libxml-security-java 2.0.10-2+deb11u1 (source) into proposed-updates->stable-new, proposed-updates
From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
Date: Mon, 15 Nov 2021 19:17:19 +0000
Mail-followup-to: debian-devel@lists.debian.org
Message-id: <E1mmhTj-000DEr-RW@fasolo.debian.org>
Reply-to: debian-devel@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 14 Nov 2021 21:49:31 +0100
Source: libxml-security-java
Architecture: source
Version: 2.0.10-2+deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Changes:
 libxml-security-java (2.0.10-2+deb11u1) bullseye-security; urgency=high
 .
   * Team upload.
   * Fix CVE-2021-40690:
     Apache Santuario - XML Security for Java is vulnerable to an issue where
     the "secureValidation" property is not passed correctly when creating a
     KeyInfo from a KeyInfoReference element. This allows an attacker to abuse
     an XPath Transform to extract any local .xml files in a RetrievalMethod
     element.
Checksums-Sha1:
 f23f65ab00e41831be353a35d9124395842cae98 2741 libxml-security-java_2.0.10-2+deb11u1.dsc
 890a38522bb742a3a7c7f47373b3d8f62b3877fc 800416 libxml-security-java_2.0.10.orig.tar.xz
 e6b78891485a0619d69cce5c9dbbe24873389a20 9672 libxml-security-java_2.0.10-2+deb11u1.debian.tar.xz
 9762ac14142659dd8e2f34f2238a8dbfb617635d 13350 libxml-security-java_2.0.10-2+deb11u1_source.buildinfo
Checksums-Sha256:
 20b00d9b8bf1ea95b421cc20fb006a6cbe248ee836df6b145d50d6c04eaffb0d 2741 libxml-security-java_2.0.10-2+deb11u1.dsc
 0f205c2e911e2b4a706d336d4b117beb1e416a272ec18bd77505f68bd000d158 800416 libxml-security-java_2.0.10.orig.tar.xz
 571f7728edb6ec57fe029f3c801dfec3c7fd13d06785dfebf6635a5a90dc00e2 9672 libxml-security-java_2.0.10-2+deb11u1.debian.tar.xz
 300e4cf6ab7f4cf546b031b5ec61d7f3baaefd233edc916cac72f205174f5fe1 13350 libxml-security-java_2.0.10-2+deb11u1_source.buildinfo
Files:
 d1ed00f15742b36baced3b3aa88730c6 2741 java optional libxml-security-java_2.0.10-2+deb11u1.dsc
 c7f34e2b20b5e634834a4ab0ce79d1e9 800416 java optional libxml-security-java_2.0.10.orig.tar.xz
 04fffbc5baa38e82105c244909c264f3 9672 java optional libxml-security-java_2.0.10-2+deb11u1.debian.tar.xz
 1ab58f97d618a96081db667ab0c2ae91 13350 java optional libxml-security-java_2.0.10-2+deb11u1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmGSMI5fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HkO6AP/RkhB1foPtQ/6TVw564/U/ttDA2pcP/m1g54
T+rwcm81li35Lh69qexupg/OrS85fx121J5n087ecu3Ec9EToep+UhwMY7+AKmm/
G1fgPNc1/GVYUk6bPjP2DRYXLgXuYEhzJuUqHvrIO7DdbvKKPDLxVqArqJU5Z3JA
jT3J9gkDKO1hQ71kk+S/N4AZsqw8z5B8qE1bh+v+kJNE0EERWb3EZl0iuj02tGSv
YEc4VBQhgstZHYNh6cz2XtUMrmjaVVOaQ2u1525aCuFwtvV7XW/B+xkZTg26zj4I
fe59oTt9LiTHNA44Zb8NLF1N2BnNBgSarcD/I9g5BuE7XInnb/NuMkaLh9m0YgMr
ocz3R5mo1r/r1/7PS8EULlCynhw4uYDgYw0AwHydF0X5IPBQ6h7AptDSBsjYogV2
TnhCeVdQSQOXFUcx3TucFzeOwJrDW3Kn4qxfbDzXsBWBpabijk+e8E+Se+ijpIAE
wNoSe5x4BojX0Tv2VFkocmyToRnAj8PlQmTkPpf4ZoRmzuGe85JXJYy3N/rx+IMO
rDmc1G59CmqDp05qBkwPVimEspXZe+vxwsVH3yd/UB288Jc3fEj/QHpntnFi0kWK
u1KO7qs4EFHRazwihz+w1eH7N8chpvwPkM4sCYYM73R3QVIbOiCHM4LMqD9bOuuq
QoyxNukh
=5cf+
-----END PGP SIGNATURE-----