oss-sec mailing list archives
New Apache Santuario security advisory CVE-2014-8152
From: Colm O hEigeartaigh <coheigea () apache org>
Date: Mon, 19 Jan 2015 15:50:44 +0000
A new security advisory for Apache Santuario has been issued - CVE-2014-8152 - "Streaming XML Signature verification failure". It is a critical advisory for anyone using the streaming XML Signature support introduced in the 2.0.0 release. The DOM implementation is not affected. This issue is fixed in the recently released version 2.0.3. The security advisory is linked on the security advisories page of Apache Santuario and also attached to this mail: http://santuario.apache.org/secadv.html Colm. -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
Attachment:
CVE-2014-8152.txt.asc
Description:
Current thread:
- New Apache Santuario security advisory CVE-2014-8152 Colm O hEigeartaigh (Jan 19)