You are here
Home > Preporuke > Sigurnosni propust programskog paketa xalan-j2

Sigurnosni propust programskog paketa xalan-j2

——————————————————————————–
Fedora Update Notification
FEDORA-2014-4426
2014-03-28 01:47:11
——————————————————————————–

Name : xalan-j2
Product : Fedora 19
Version : 2.7.1
Release : 22.fc19
URL : http://xalan.apache.org/
Summary : Java XSLT processor
Description :
Xalan is an XSLT processor for transforming XML documents into HTML,
text, or other XML document types. It implements the W3C Recommendations
for XSL Transformations (XSLT) and the XML Path Language (XPath). It can
be used from the command line, in an applet or a servlet, or as a module
in other program.

——————————————————————————–
Update Information:

This update fixes a remote code execution security vulnerability (CVE-2014-0107).
——————————————————————————–
ChangeLog:

* Thu Mar 27 2014 Mikolaj Izdebski <mizdebsk@redhat.com> – 0:2.7.1-22
– Add patch to fix remote code execution vulnerability
– Resolves: CVE-2014-0107
* Mon Aug 19 2013 Mikolaj Izdebski <mizdebsk@redhat.com> – 0:2.7.1-21
– Move depmaps to appropriate packages
– Resolves: rhbz#998594
* Sun Aug 4 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> – 0:2.7.1-20
– Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Wed Jul 10 2013 Krzysztof Daniel <kdaniel@redhat.com> 0:2.7.1-19
– Add export packages from Eclipse orbit.
– Restore dependency to system.bundle.
——————————————————————————–
References:

[ 1 ] Bug #1080248 – CVE-2014-0107 Xalan-Java: insufficient constraints in secure processing feature
https://bugzilla.redhat.com/show_bug.cgi?id=1080248
——————————————————————————–

This update can be installed with the “yum” update program. Use
su -c ‘yum update xalan-j2’ at the command line.
For more information, refer to “Managing Software with yum”,
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce

 

 

 

 

——————————————————————————–
Fedora Update Notification
FEDORA-2014-4443
2014-03-28 01:48:00
——————————————————————————–

Name : xalan-j2
Product : Fedora 20
Version : 2.7.1
Release : 22.fc20
URL : http://xalan.apache.org/
Summary : Java XSLT processor
Description :
Xalan is an XSLT processor for transforming XML documents into HTML,
text, or other XML document types. It implements the W3C Recommendations
for XSL Transformations (XSLT) and the XML Path Language (XPath). It can
be used from the command line, in an applet or a servlet, or as a module
in other program.

——————————————————————————–
Update Information:

This update fixes a remote code execution security vulnerability (CVE-2014-0107).
——————————————————————————–
ChangeLog:

* Thu Mar 27 2014 Mikolaj Izdebski <mizdebsk@redhat.com> – 0:2.7.1-22
– Add patch to fix remote code execution vulnerability
– Resolves: CVE-2014-0107
——————————————————————————–
References:

[ 1 ] Bug #1080248 – CVE-2014-0107 Xalan-Java: insufficient constraints in secure processing feature
https://bugzilla.redhat.com/show_bug.cgi?id=1080248
——————————————————————————–

This update can be installed with the “yum” update program. Use
su -c ‘yum update xalan-j2’ at the command line.
For more information, refer to “Managing Software with yum”,
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce

 

Top
More in Preporuke
Ranjivosti programske biblioteke perl-YAML-LibYAML

Otkrivene su ranjivosti preljeva spremnika i cjelobrojnog prepisivanja u načinu kojim je libyaml parsirao URL-ove unutar YAML dokumenata, odnosno upravljao...

Close