From: [email protected]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------- Debian Security Advisory DSA-2886-1 [email protected] http://www.debian.org/security/ Florian Weimer
March 26, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : libxalan2-java
CVE ID : CVE-2014-0107
Debian Bug : 742577

Nicolas Gregoire discovered several vulnerabilities in libxalan2-java,
a Java library for XSLT processing. Crafted XSLT programs could
access system properties or load arbitrary classes, resulting in
information disclosure and, potentially, arbitrary code execution.

For the oldstable distribution (squeeze), this problem has been fixed in version 2.7.1-5+deb6u1.

For the stable distribution (wheezy), this problem has been fixed in
version 2.7.1-7+deb7u1.

For the unstable distribution (sid), this problem has been fixed in
version 2.7.1-9.

We recommend that you upgrade your libxalan2-java packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: [email protected]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQEcBAEBAgAGBQJTMzhoAAoJEL97/wQC1SS+XDgH+QFIhm6HIEaSB5AyGnW/3h1i tM+qTA5Oze8FwHTLXYdLbu1V5rJUsNKNdtF/ldf9n+D3MACc8u2Sz3BOa+gixKCz BWk5s9vc8gRBHz0L/Q3ev+Nf6GKTg25ToMy+iwZhj/p0LjpEYYQRa8GbWepgasDx Uqo34fuiq8z8Ntbs9xpQZLxCeoLFTPvRl1Pp++5uroMriulEAg1NH0cl6b8Cv4R8 MrAP6H6CsvmGZXc24OZTvnW1zuflCSw7YDdaEB/6MXtRejUugVqBh7Rbn3Gdp9N/ YIaKStItV0sK+uWBtgUl/l43Lcgy4hBJD6SnFRwCLnO5n0/GK3dh6367jqz5vpU=
=+zPT
-----END PGP SIGNATURE-----


--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: https://lists.debian.org/[email protected]

--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)