Candidate: CVE-2017-1000061
PublicDate: 2017-07-17 13:18:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000061
 https://github.com/lsh123/xmlsec/issues/43
Description:
 xmlsec 1.2.23 and before is vulnerable to XML External Entity Expansion
 when parsing crafted input documents, resulting in possible information
 disclosure or denial of service
Ubuntu-Description:
 It was discovered that xmlsec incorrectly handled certain input documents.
 An attacker could possibly use this issue to obtain sensitive information
 or cause a denial of service.
Notes:
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H [7.1 HIGH]

Patches_xmlsec1:
upstream_xmlsec1: released (1.2.24-1)
precise/esm_xmlsec1: DNE
trusty_xmlsec1: ignored (reached end-of-life)
trusty/esm_xmlsec1: DNE (trusty was needed)
vivid/ubuntu-core_xmlsec1: DNE
xenial_xmlsec1: ignored (end of standard support, was needed)
esm-infra/xenial_xmlsec1: needed
yakkety_xmlsec1: ignored (reached end-of-life)
zesty_xmlsec1: ignored (reached end-of-life)
artful_xmlsec1: not-affected (1.2.24-3)
bionic_xmlsec1: not-affected (1.2.24-3)
cosmic_xmlsec1: not-affected (1.2.24-3)
disco_xmlsec1: not-affected (1.2.24-3)
eoan_xmlsec1: not-affected (1.2.24-3)
focal_xmlsec1: not-affected (1.2.24-3)
groovy_xmlsec1: not-affected (1.2.24-3)
hirsute_xmlsec1: not-affected (1.2.24-3)
impish_xmlsec1: not-affected (1.2.24-3)
jammy_xmlsec1: not-affected (1.2.24-3)
devel_xmlsec1: not-affected (1.2.24-3)