[SECURITY] [DLA 85-1] libxml-security-java security update

2014-11-09T16:34:59
ID DEBIAN:DLA-85-1:9FEBE
Type debian
Reporter Debian
Modified 2014-11-09T16:34:59

Description

Package : libxml-security-java
Version : 1.4.3-2+deb6u1
CVE ID : CVE-2013-2172

James Forshaw discovered that, in Apache Santuario XML Security for Java, CanonicalizationMethod parameters were incorrectly validated: by specifying an arbitrary weak canonicalization algorithm, an attacker could spoof XML signatures.
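
A defensive check for the condition described above, as an added example that is not part of the advisory and is not Apache Santuario or Debian code: before a document reaches signature verification, accept it only if each ds:Signature names exactly one CanonicalizationMethod and its Algorithm is a W3C canonicalization URI. The function names, the choice of allowlist entries and the sample documents (including the placeholder URI urn:example:unknown-algorithm) are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"ds": "http://www.w3.org/2000/09/xmldsig#"}

# Allowlist: the W3C canonicalization algorithm URIs this check accepts.
ALLOWED_C14N = frozenset({
    "http://www.w3.org/TR/2001/REC-xml-c14n-20010315",
    "http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments",
    "http://www.w3.org/2001/10/xml-exc-c14n#",
    "http://www.w3.org/2001/10/xml-exc-c14n#WithComments",
    "http://www.w3.org/2006/12/xml-c14n11",
    "http://www.w3.org/2006/12/xml-c14n11#WithComments",
})

def _signed(algorithm):
    """Build a constructed sample document carrying the given c14n URI."""
    return ('<doc><ds:Signature xmlns:ds="%s"><ds:SignedInfo>'
            '<ds:CanonicalizationMethod Algorithm="%s"/>'
            '</ds:SignedInfo></ds:Signature></doc>'
            % (NS["ds"], algorithm)).encode()

GOOD_DOC = _signed("http://www.w3.org/2001/10/xml-exc-c14n#")
BAD_DOC = _signed("urn:example:unknown-algorithm")  # constructed placeholder

def check_c14n_methods(xml_bytes):
    """Return a list of problems; empty means every ds:Signature passed."""
    # Assumes UTF-8/ASCII input. DTDs are refused outright, since signed
    # input has no need for entity definitions.
    if b"<!DOCTYPE" in xml_bytes:
        return ["DOCTYPE not allowed"]
    root = ET.fromstring(xml_bytes)
    signatures = list(root.iter("{%s}Signature" % NS["ds"]))
    if not signatures:
        return ["no ds:Signature element found"]
    problems = []
    for idx, sig in enumerate(signatures):
        methods = sig.findall("ds:SignedInfo/ds:CanonicalizationMethod", NS)
        if len(methods) != 1:
            problems.append("signature %d: expected one "
                            "CanonicalizationMethod, found %d"
                            % (idx, len(methods)))
            continue
        algorithm = methods[0].get("Algorithm")
        if algorithm not in ALLOWED_C14N:
            problems.append("signature %d: algorithm %r not allowed"
                            % (idx, algorithm))
    return problems

if __name__ == "__main__":
    for name, doc in (("good", GOOD_DOC), ("bad", BAD_DOC)):
        print(name, check_c14n_methods(doc) or "ok")
```

This check complements the package update and does not replace it; it only rejects input early and performs no signature verification itself.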