CVE-2015-0851

Priority
Description
XMLTooling-C before 1.5.5, as used in OpenSAML-C and Shibboleth Service
Provider (SP), does not properly handle integer conversion exceptions,
which allows remote attackers to cause a denial of service (crash) via
schema-invalid XML data.
Notes
Package
Upstream:released (2.5.3-2+deb8u1 2.5.5)
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needed)
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was not-affected [2.5.3-2+deb8u1])
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (2.5.5-1)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (2.5.5-1)
Patches:
Upstream:https://git.shibboleth.net/view/?p=cpp-xmltooling.git;a=commitdiff;h=2d795c731e6729309044607154978696a87fd900
Package
Upstream:released (1.5.5)
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needed)
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was released [1.5.3-2+deb8u1build0.14.04.1])
Ubuntu 16.04 LTS (Xenial Xerus):not-affected (1.5.6-2)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (1.5.6-2)
Patches:
Upstream:https://git.shibboleth.net/view/?p=cpp-xmltooling.git;a=commitdiff;h=2d795c731e6729309044607154978696a87fd900
More Information

Updated: 2020-09-10 04:35:51 UTC (commit 81a23a978c4436cd99e1d040e9e73e9146876281)