kpriv/freebsd-ports
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
freebsd-ports/devel/xmltooling/pkg-plist
Palle Girgensohn 43e9362f36 Shibboleth SP software crashes on well-formed but invalid XML. 
The Service Provider software contains a code path with an uncaught
exception that can be triggered by an unauthenticated attacker by
supplying well-formed but schema-invalid XML in the form of SAML
metadata or SAML protocol messages. The result is a crash and so
causes a denial of service.

You must rebuild opensaml and shibboleth with xmltooling-1.5.5 or later.
The easiest way to do so is to update the whole chain including
shibboleth-2.5.5 an opensaml2.5.5.

URL:    	http://shibboleth.net/community/advisories/secadv_20150721.txt
Security:	CVE-2015-2684
2015-07-23 13:21:05 +00:00

97 lines
3.8 KiB
Text
Raw Blame History

include/xmltooling/AbstractAttributeExtensibleXMLObject.h
include/xmltooling/AbstractComplexElement.h
include/xmltooling/AbstractDOMCachingXMLObject.h
include/xmltooling/AbstractSimpleElement.h
include/xmltooling/AbstractXMLObject.h
include/xmltooling/AttributeExtensibleXMLObject.h
include/xmltooling/ConcreteXMLObjectBuilder.h
include/xmltooling/ElementExtensibleXMLObject.h
include/xmltooling/ElementProxy.h
include/xmltooling/Lockable.h
include/xmltooling/Namespace.h
include/xmltooling/PluginManager.h
include/xmltooling/QName.h
include/xmltooling/XMLObject.h
include/xmltooling/XMLObjectBuilder.h
include/xmltooling/XMLToolingConfig.h
include/xmltooling/base.h
include/xmltooling/char_traits.h
include/xmltooling/config_pub.h
include/xmltooling/encryption/Decrypter.h
include/xmltooling/encryption/EncryptedKeyResolver.h
include/xmltooling/encryption/Encrypter.h
include/xmltooling/encryption/Encryption.h
include/xmltooling/exceptions.h
include/xmltooling/impl/AnyElement.h
include/xmltooling/impl/UnknownElement.h
include/xmltooling/io/AbstractXMLObjectMarshaller.h
include/xmltooling/io/AbstractXMLObjectUnmarshaller.h
include/xmltooling/io/GenericRequest.h
include/xmltooling/io/GenericResponse.h
include/xmltooling/io/HTTPRequest.h
include/xmltooling/io/HTTPResponse.h
include/xmltooling/logging.h
include/xmltooling/security/AbstractPKIXTrustEngine.h
include/xmltooling/security/BasicX509Credential.h
include/xmltooling/security/ChainingTrustEngine.h
include/xmltooling/security/Credential.h
include/xmltooling/security/CredentialContext.h
include/xmltooling/security/CredentialCriteria.h
include/xmltooling/security/CredentialResolver.h
include/xmltooling/security/KeyInfoCredentialContext.h
include/xmltooling/security/KeyInfoResolver.h
include/xmltooling/security/OpenSSLCredential.h
include/xmltooling/security/OpenSSLCryptoX509CRL.h
include/xmltooling/security/OpenSSLPathValidator.h
include/xmltooling/security/OpenSSLTrustEngine.h
include/xmltooling/security/PKIXPathValidatorParams.h
include/xmltooling/security/PathValidator.h
include/xmltooling/security/SecurityHelper.h
include/xmltooling/security/SignatureTrustEngine.h
include/xmltooling/security/TrustEngine.h
include/xmltooling/security/X509Credential.h
include/xmltooling/security/X509TrustEngine.h
include/xmltooling/security/XSECCryptoX509CRL.h
include/xmltooling/signature/ContentReference.h
include/xmltooling/signature/KeyInfo.h
include/xmltooling/signature/Signature.h
include/xmltooling/signature/SignatureValidator.h
include/xmltooling/soap/HTTPSOAPTransport.h
include/xmltooling/soap/OpenSSLSOAPTransport.h
include/xmltooling/soap/SOAP.h
include/xmltooling/soap/SOAPClient.h
include/xmltooling/soap/SOAPTransport.h
include/xmltooling/unicode.h
include/xmltooling/util/CurlURLInputStream.h
include/xmltooling/util/DateTime.h
include/xmltooling/util/NDC.h
include/xmltooling/util/ParserPool.h
include/xmltooling/util/PathResolver.h
include/xmltooling/util/Predicates.h
include/xmltooling/util/ReloadableXMLFile.h
include/xmltooling/util/ReplayCache.h
include/xmltooling/util/StorageService.h
include/xmltooling/util/TemplateEngine.h
include/xmltooling/util/Threads.h
include/xmltooling/util/URLEncoder.h
include/xmltooling/util/XMLConstants.h
include/xmltooling/util/XMLHelper.h
include/xmltooling/util/XMLObjectChildrenList.h
include/xmltooling/validation/Validator.h
include/xmltooling/validation/ValidatorSuite.h
include/xmltooling/version.h
lib/libxmltooling-lite.so
lib/libxmltooling-lite.so.6
lib/libxmltooling-lite.so.6.0.5
lib/libxmltooling.so
lib/libxmltooling.so.6
lib/libxmltooling.so.6.0.5
libdata/pkgconfig/xmltooling.pc
share/xml/xmltooling/catalog.xml
share/xml/xmltooling/soap-envelope.xsd
share/xml/xmltooling/xenc-schema.xsd
share/xml/xmltooling/xenc11-schema.xsd
share/xml/xmltooling/xml.xsd
share/xml/xmltooling/xmldsig-core-schema.xsd
share/xml/xmltooling/xmldsig11-schema.xsd
share/xml/xmltooling/xmltooling.xsd
Reference in a new issue View git blame Copy permalink