Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Tue, 18 Apr 2017 13:01:31 +0100
From: Colm O hEigeartaigh <coheigea@...che.org>
To: "users@....apache.org" <users@....apache.org>, "dev@....apache.org" <dev@....apache.org>
Cc: Apache Security Response Team <security@...che.org>, bugtraq@...urityfocus.com, 
	oss-security@...ts.openwall.com
Subject: New security advisories for Apache CXF

The Apache CXF project has released two new security advisories:

a) CVE-2017-5653: Apache CXF JAX-RS XML Security streaming clients do not
validate that the service response was signed or encrypted.

b) CVE-2017-5656: Apache CXF's STSClient uses a flawed way of caching
tokens that are associated with delegation tokens.

More details, including the text of the security advisories, are available
at:

http://cxf.apache.org/security-advisories.html

Colm.

-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ