| Package | xmltooling |
|---|---|
| Version | 1.5.3-2+deb8u5 (jessie) |
| Related CVEs | CVE-2023-36661 |
Jurien de Jong discovered that the parsing of KeyInfo elements within the XMLTooling library may result in server-side request forgery.
For Debian 8 jessie, these problems have been fixed in version 1.5.3-2+deb8u5.
We recommend that you upgrade your xmltooling packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.