PublicDateAtUSN: 2019-03-12
Candidate: CVE-2019-9628
PublicDate: 2019-04-11 20:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9628
 https://shibboleth.net/community/advisories/secadv_20190311.txt
 https://issues.shibboleth.net/jira/browse/CPPXT-143
 https://git.shibboleth.net/view/?p=cpp-xmltooling.git;a=commit;h=af27c422f551e16989ff6f1722d83614c8550eb5
 https://ubuntu.com/security/notices/USN-3921-1
Description:
 The XMLTooling library all versions prior to V3.0.4, provided with the
 OpenSAML and Shibboleth Service Provider software, contains an XML parsing
 class. Invalid data in the XML declaration causes an exception of a type
 that was not handled properly in the parser class and propagates an
 unexpected exception type.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924346
 https://bugs.launchpad.net/bugs/1819912
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]

Patches_xmltooling:
upstream_xmltooling: released (3.0.4-1)
precise/esm_xmltooling: DNE
trusty_xmltooling: released (1.5.3-2+deb8u3ubuntu0.1)
trusty/esm_xmltooling: DNE (trusty was released [1.5.3-2+deb8u3ubuntu0.1])
xenial_xmltooling: released (1.5.6-2ubuntu0.3)
bionic_xmltooling: released (1.6.4-1ubuntu2.1)
cosmic_xmltooling: released (3.0.2-1ubuntu1.1)
devel_xmltooling: released (3.0.4-1)