ELA-92-1 xmltooling security update

denial-of-service

2019-03-13
Packagexmltooling
Version1.4.2-5+deb7u4
Related CVEs CVE-2019-9628


Ross Geerlings discovered that the XMLTooling library did not correctly handle exceptions for malformed XML declarations, which could result in denial of service against the application using XMLTooling.



For Debian 7 Wheezy, these problems have been fixed in version 1.4.2-5+deb7u4.

We recommend that you upgrade your xmltooling packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.