Package: libxalan2-java / 2.7.1-9

Metadata

Package Version Patches format
libxalan2-java 2.7.1-9 3.0 (quilt)

Patch series

view the series file
Patch File delta Description
build.patch | (download)

build.xml | 41 32 + 9 - 0 !
1 file changed, 32 insertions(+), 9 deletions(-)

---
CVE 2014 0107.patch | (download)

src/org/apache/xalan/processor/TransformerFactoryImpl.java | 4 4 + 0 - 0 !
src/org/apache/xalan/processor/XSLTElementProcessor.java | 32 22 + 10 - 0 !
src/org/apache/xalan/transformer/TransformerImpl.java | 4 3 + 1 - 0 !
src/org/apache/xpath/functions/FuncSystemProperty.java | 28 23 + 5 - 0 !
4 files changed, 52 insertions(+), 16 deletions(-)

 fix for cve-2014-0107: strengthen the secure processing mode by
 disabling external general entities, foreign attributes and access to the
 system properties. This could be exploited to execute arbitrary code remotely.