ELA-877-1 xmltooling security update

server-side request forgery

2023-06-23
Package: xmltooling
Version: 1.5.3-2+deb8u5 (jessie)
Related CVEs: CVE-2023-36661


Jurien de Jong discovered that the parsing of KeyInfo elements within the XMLTooling library may result in server-side request forgery.



For Debian 8 jessie, this problem has been fixed in version 1.5.3-2+deb8u5.

We recommend that you upgrade your xmltooling packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.