-
Committer:
Package Import Robot
-
Author(s):
Marc Deslauriers
-
Date:
2014-03-31 13:20:32 UTC
-
mfrom:
(5.2.1 sid)
-
Revision ID:
package-import@ubuntu.com-20140331132032-g46xg123tqvwgr6u
Tags: 2.7.1-5ubuntu1.1
* SECURITY UPDATE: information disclosure or arbitrary code execution via
crafted XSLT programs
- debian/patches/CVE-2014-0107.patch: disable external general
entities, foreign attributes and access to the system properties in
src/org/apache/xalan/transformer/TransformerImpl.java,
src/org/apache/xalan/processor/XSLTElementProcessor.java,
src/org/apache/xalan/processor/TransformerFactoryImpl.java,
src/org/apache/xpath/functions/FuncSystemProperty.java.
- CVE-2014-0107