Candidate: CVE-2016-4216
PublicDate: 2016-07-13 02:00:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4216
 https://helpx.adobe.com/security/products/xmpcore/apsb16-24.html
Description:
 XMPCore in Adobe XMP Toolkit for Java before 5.1.3 allows remote attackers
 to read arbitrary files via XML data containing an external entity
 declaration in conjunction with an entity reference, related to an XML
 External Entity (XXE) issue.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N [7.5 HIGH]

Patches_libxmpcore-java:
upstream_libxmpcore-java: released (5.1.3)
precise_libxmpcore-java: DNE
precise/esm_libxmpcore-java: DNE
trusty_libxmpcore-java: ignored (reached end-of-life)
trusty/esm_libxmpcore-java: DNE (trusty was needed)
vivid/stable-phone-overlay_libxmpcore-java: DNE
vivid/ubuntu-core_libxmpcore-java: DNE
wily_libxmpcore-java: ignored (reached end-of-life)
xenial_libxmpcore-java: ignored (end of standard support, was needed)
yakkety_libxmpcore-java: ignored (reached end-of-life)
zesty_libxmpcore-java: ignored (reached end-of-life)
artful_libxmpcore-java: ignored (reached end-of-life)
bionic_libxmpcore-java: needed
cosmic_libxmpcore-java: ignored (reached end-of-life)
disco_libxmpcore-java: released (5.1.3-1)
eoan_libxmpcore-java: released (5.1.3-1)
focal_libxmpcore-java: released (5.1.3-1)
groovy_libxmpcore-java: released (5.1.3-1)
hirsute_libxmpcore-java: released (5.1.3-1)
impish_libxmpcore-java: released (5.1.3-1)
jammy_libxmpcore-java: released (5.1.3-1)
devel_libxmpcore-java: released (5.1.3-1)