Fedora

Fedora 22 Security Update: opensaml-java-xmltooling-1.3.4-9.fc22,jboss-connector-1.6-api-1.0.1-1.fc22,cxf-xjc-utils-2.6.2-1.fc22,cxf-build-utils-2.6.0-1.fc22,cxf-2.7.11-1.fc22

Leave a comment

Resolved Bugs
1093529 – CVE-2014-0034 Apache CXF: The SecurityTokenService accepts certain invalid SAML Tokens as valid
1095534 – CVE-2014-0035 Apache CXF: UsernameTokens are sent in plaintext with a Symmetric EncryptBeforeSigning policy [fedora-all]
1095550 – CVE-2014-0110 Apache CXF: Large invalid content could cause temporary space to fill [fedora-all]
1106113 – cxf: FTBFS in rawhide
1095492 – CVE-2014-0034 Apache CXF: The SecurityTokenService accepts certain invalid SAML Tokens as valid [fedora-all]
1065245 – cxf: Upgrade to 2.7.11
1068021 – cxf: Switch to java-headless (build)requires
1095542 – CVE-2014-0109 Apache CXF: HTML content posted to SOAP endpoint could cause OOM errors [fedora-all]
1157305 – CVE-2014-3584 CVE-2014-3623 cxf: various flaws [fedora-all]<br
CXF upgrade to 2.7.11.

Leave a Reply