CVE-2019-9628 in Ubuntu

CVE-2019-9628

Priority

Description

The XMLTooling library all versions prior to V3.0.4, provided with the
OpenSAML and Shibboleth Service Provider software, contains an XML parsing
class. Invalid data in the XML declaration causes an exception of a type
that was not handled properly in the parser class and propagates an
unexpected exception type.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9628
https://shibboleth.net/community/advisories/secadv_20190311.txt
https://issues.shibboleth.net/jira/browse/CPPXT-143
https://git.shibboleth.net/view/?p=cpp-xmltooling.git;a=commit;h=af27c422f551e16989ff6f1722d83614c8550eb5
https://ubuntu.com/security/notices/USN-3921-1

Bugs

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924346
https://bugs.launchpad.net/bugs/1819912

Notes

Package

Source: xmltooling (LP Ubuntu Debian)

Upstream:	released (3.0.4-1)
Ubuntu 18.04 LTS:	released (1.6.4-1ubuntu2.1)
Ubuntu 14.04 ESM:	DNE (trusty was released [1.5.3-2+deb8u3ubuntu0.1])

Patches:

More Information

Updated: 2022-06-10 14:03:15 UTC (commit 22cd97abab61e5eccab4070a258ab5d6a94b972b)