TEMP-0905332-CB57BF

NameTEMP-0905332-CB57BF
DescriptionDefault KeyInfo resolver doesn't check for empty element content.
SourceAutomatically generated temporary name. Not for external reference.
Debian Bugs905332

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
xml-security-c (PTS)jessie, jessie (lts)1.7.2-3+deb8u2fixed
stretch1.7.3-4+deb9u3fixed
stretch (security), stretch (lts)1.7.3-4+deb9u1fixed
buster2.0.2-3fixed
bullseye2.0.2-4fixed
sid, trixie, bookworm2.0.4-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
xml-security-csourceexperimental2.0.1-1
xml-security-csourcewheezy(unfixed)end-of-life
xml-security-csourcejessie1.7.2-3+deb8u1
xml-security-csourcestretch1.7.3-4+deb9u1
xml-security-csource(unstable)1.7.3-4+deb9u1905332

Notes

https://issues.apache.org/jira/projects/SANTUARIO/issues/SANTUARIO-491
https://shibboleth.net/community/advisories/secadv_20180803.txt
Search for package or bug name: Reporting problems