oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

New Apache Santuario security advisory CVE-2014-8152

From: Colm O hEigeartaigh <coheigea () apache org>
Date: Mon, 19 Jan 2015 15:50:44 +0000
A new security advisory for Apache Santuario has been issued -
CVE-2014-8152 - "Streaming XML Signature verification failure". It is a
critical advisory for anyone using the streaming XML Signature support
introduced in the 2.0.0 release. The DOM implementation is not affected.

This issue is fixed in the recently released version 2.0.3.

The security advisory is linked on the security advisories page of Apache
Santuario and also attached to this mail:
http://santuario.apache.org/secadv.html

Colm.


-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com

Attachment: CVE-2014-8152.txt.asc
Description:

Previous By Date Next
Previous By Thread Next

Current thread: