Candidate: CVE-2014-3004
PublicDate: 2014-06-11 14:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3004
 http://seclists.org/fulldisclosure/2014/May/142
 http://packetstormsecurity.com/files/126854/Castor-Library-XXE-Disclosure.html
Description:
 The default configuration for the Xerces SAX Parser in Castor before 1.3.3
 allows context-dependent attackers to conduct XML External Entity (XXE)
 attacks via a crafted XML document.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by: Ron Gutierrez and Adam Bixby
Assigned-to:
CVSS:

Patches_castor:
upstream_castor: released (1.3.3)
lucid_castor: DNE
precise_castor: ignored (reached end-of-life)
precise/esm_castor: DNE (precise was needed)
saucy_castor: ignored (reached end-of-life)
trusty_castor: ignored (reached end-of-life)
trusty/esm_castor: DNE (trusty was needed)
utopic_castor: ignored (reached end-of-life)
vivid_castor: ignored (reached end-of-life)
vivid/stable-phone-overlay_castor: DNE
vivid/ubuntu-core_castor: DNE
wily_castor: ignored (reached end-of-life)
xenial_castor: ignored (end of standard support, was needed)
yakkety_castor: ignored (reached end-of-life)
zesty_castor: ignored (reached end-of-life)
artful_castor: ignored (reached end-of-life)
bionic_castor: needed
cosmic_castor: ignored (reached end-of-life)
disco_castor: ignored (reached end-of-life)
eoan_castor: ignored (reached end-of-life)
focal_castor: needed
groovy_castor: ignored (reached end-of-life)
hirsute_castor: ignored (reached end-of-life)
impish_castor: needed
jammy_castor: needed
devel_castor: needed