Advisories ยป MGASA-2014-0002

Updated xml-security package fixes security vulnerability

Publication date: 06 Jan 2014
Type: security
Affected Mageia releases : 3
CVE: CVE-2013-2172

Description

James Forshaw discovered that Apache XML Security for Java incorrectly
validated CanonicalizationMethod parameters. An attacker could use this
flaw to spoof XML signatures (CVE-2013-2172).
                

References

SRPMS

3/core