Candidate: CVE-2015-0851
PublicDate: 2015-08-12 14:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0851
 http://shibboleth.net/community/advisories/secadv_20150721.txt
 https://git.shibboleth.net/view/?p=cpp-xmltooling.git;a=commitdiff;h=2d795c731e6729309044607154978696a87fd900
Description:
 XMLTooling-C before 1.5.5, as used in OpenSAML-C and Shibboleth Service
 Provider (SP), does not properly handle integer conversion exceptions,
 which allows remote attackers to cause a denial of service (crash) via
 schema-invalid XML data.
Ubuntu-Description:
Notes:
Bugs:
 https://bugs.launchpad.net/ubuntu/+source/shibboleth-sp2/+bug/1480765
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_opensaml2:
 upstream: https://git.shibboleth.net/view/?p=cpp-xmltooling.git;a=commitdiff;h=2d795c731e6729309044607154978696a87fd900
upstream_opensaml2: released (2.5.3-2+deb8u1 2.5.5)
precise_opensaml2: ignored (reached end-of-life)
precise/esm_opensaml2: DNE (precise was needed)
trusty_opensaml2: not-affected (2.5.3-2+deb8u1)
trusty/esm_opensaml2: DNE (trusty was not-affected [2.5.3-2+deb8u1])
vivid_opensaml2: ignored (reached end-of-life)
vivid/stable-phone-overlay_opensaml2: DNE
vivid/ubuntu-core_opensaml2: DNE
wily_opensaml2: ignored (reached end-of-life)
xenial_opensaml2: not-affected (2.5.5-1)
yakkety_opensaml2: ignored (reached end-of-life)
zesty_opensaml2: not-affected (2.5.5-1)
artful_opensaml2: not-affected (2.5.5-1)
bionic_opensaml2: not-affected (2.5.5-1)
devel_opensaml2: not-affected (2.5.5-1)

Patches_xmltooling:
 upstream: https://git.shibboleth.net/view/?p=cpp-xmltooling.git;a=commitdiff;h=2d795c731e6729309044607154978696a87fd900
upstream_xmltooling: released (1.5.5)
precise_xmltooling: ignored (reached end-of-life)
precise/esm_xmltooling: DNE (precise was needed)
trusty_xmltooling: released (1.5.3-2+deb8u1build0.14.04.1)
trusty/esm_xmltooling: DNE (trusty was released [1.5.3-2+deb8u1build0.14.04.1])
vivid_xmltooling: released (1.5.3-2+deb8u1build0.15.04.1)
vivid/stable-phone-overlay_xmltooling: DNE
vivid/ubuntu-core_xmltooling: DNE
wily_xmltooling: ignored (reached end-of-life)
xenial_xmltooling: not-affected (1.5.6-2)
yakkety_xmltooling: ignored (reached end-of-life)
zesty_xmltooling: not-affected (1.5.6-2)
artful_xmltooling: not-affected (1.5.6-2)
bionic_xmltooling: not-affected (1.5.6-2)
devel_xmltooling: not-affected (1.5.6-2)