[pkg-java] r17946 - in branches/libxalan2-java/squeeze-security/debian: . patches
Emmanuel Bourg
ebourg-guest at moszumanska.debian.org
Tue Mar 25 15:25:45 UTC 2014
Author: ebourg-guest
Date: 2014-03-25 15:25:44 +0000 (Tue, 25 Mar 2014)
New Revision: 17946
Modified:
branches/libxalan2-java/squeeze-security/debian/changelog
branches/libxalan2-java/squeeze-security/debian/patches/series
Log:
Fix CVE-2014-0107 for Squeeze
Modified: branches/libxalan2-java/squeeze-security/debian/changelog
===================================================================
--- branches/libxalan2-java/squeeze-security/debian/changelog 2014-03-25 14:44:47 UTC (rev 17945)
+++ branches/libxalan2-java/squeeze-security/debian/changelog 2014-03-25 15:25:44 UTC (rev 17946)
@@ -1,3 +1,13 @@
+libxalan2-java (2.7.1-5+deb6u1) squeeze-security; urgency=high
+
+ * Team upload.
+ * Fix CVE-2014-0107: Strengthen the secure processing mode by disabling
+ external general entities, foreign attributes and access to the system
+ properties. This could be exploited to execute arbitrary code remotely.
+ (Closes: #742577)
+
+ -- Emmanuel Bourg <ebourg at apache.org> Tue, 25 Mar 2014 15:48:50 +0100
+
libxalan2-java (2.7.1-5) unstable; urgency=low
* Upload to unstable.
Modified: branches/libxalan2-java/squeeze-security/debian/patches/series
===================================================================
--- branches/libxalan2-java/squeeze-security/debian/patches/series 2014-03-25 14:44:47 UTC (rev 17945)
+++ branches/libxalan2-java/squeeze-security/debian/patches/series 2014-03-25 15:25:44 UTC (rev 17946)
@@ -1,2 +1,2 @@
build.patch
-
+CVE-2014-0107.patch
More information about the pkg-java-commits
mailing list