I am unsubscribing ubuntu-security-sponsors for now since there is no artful debdiff to review. Please subscribe ubuntu-security-sponsors again once an appropriate debdiff is available. Thanks!
** Changed in: xmltooling (Ubuntu Bionic) Status: Triaged => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1743762 Title: Security bug in XMLTooling-C before 1.6.3 [CVE-2018-0486] Status in xmltooling package in Ubuntu: Fix Released Status in xmltooling source package in Trusty: Fix Released Status in xmltooling source package in Xenial: Fix Released Status in xmltooling source package in Artful: Triaged Status in xmltooling source package in Bionic: Fix Released Bug description: From the Debian bug report at https://www.debian.org/security/2018/dsa-4085: Philip Huppert discovered the Shibboleth service provider is vulnerable to impersonation attacks and information disclosure due to mishandling of DTDs in the XMLTooling XML parsing library. For additional details please refer to the upstream advisory at https://shibboleth.net/community/advisories/secadv_20180112.txt For the oldstable distribution (jessie), this problem has been fixed in version 1.5.3-2+deb8u2. The stable distribution (stretch) is not affected. We recommend that you upgrade your xmltooling packages. For the detailed security status of xmltooling please refer to its security tracker page at: https://security- tracker.debian.org/tracker/xmltooling This bug is fixed upstream in Debian. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/xmltooling/+bug/1743762/+subscriptions _______________________________________________ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp