← Back to branch summary

~ubuntu-security/ubuntu-cve-tracker/master 

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32

Candidate: CVE-2014-0225
PublicDate: 2017-05-25
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0225
Description:
 When processing user provided XML documents, the Spring Framework 4.0.0 to
 4.0.4, 3.0.0 to 3.2.8, and possibly earlier unsupported versions did not
 disable by default the resolution of URI references in a DTD declaration.
 This enabled an XXE attack.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:

Patches_libspring-java:
upstream_libspring-java: needs-triage
lucid_libspring-java: DNE
precise_libspring-java: ignored (reached end-of-life)
precise/esm_libspring-java: DNE (precise was needed)
saucy_libspring-java: ignored (reached end-of-life)
trusty_libspring-java: needed
utopic_libspring-java: ignored (reached end-of-life)
vivid_libspring-java: ignored (reached end-of-life)
vivid/stable-phone-overlay_libspring-java: DNE
vivid/ubuntu-core_libspring-java: DNE
wily_libspring-java: ignored (reached end-of-life)
xenial_libspring-java: needed
yakkety_libspring-java: ignored (reached end-of-life)
zesty_libspring-java: needed
devel_libspring-java: needed