Comment 13 for bug 1752306

Ray Link (rlink) wrote:

Debdiff attached which fixes the problem for Xenial.

Since there is no corresponding Debian release to fakesync this from for Xenial, I've just recreated the patch sequence against the version already in Xenial. It includes the same two quilt patches which have been fake-synced into Trusty, and already exist in Bionic:

- A one-line patch to add 'disallowDoctype' to the parser configuration. While this does nothing under the Xerces 3.1 in Xenial, it provides generic impersonation protection for Xerces 3.2. This patch is a pre-req to get the upstream CVE-2018-0489 patch to apply cleanly.

- Upstream's patch for CVE-2018-0489.
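The comment above describes adding 'disallowDoctype' to the parser configuration so that a DOCTYPE declaration is refused before any of its entity or DTD content can influence the parsed document. The following is an added illustration, not code from this bug, the debdiff, or the xmltooling/Xerces-C sources: it reproduces the same effect with Python's stdlib xml.sax (the Xerces-C feature itself is only reachable from C++ and needs the library installed), by installing a lexical handler that aborts the parse at the first DOCTYPE. The two sample documents are constructed for the example; the one with a DTD shows how an internal entity silently rewrites element content when DOCTYPEs are allowed.

```python
"""Added example (not part of the Launchpad bug or the package being patched).

Mimics a "disallow DOCTYPE" parser setting with Python's xml.sax: when the
lexical handler below is installed, any DOCTYPE aborts the parse before its
entity declarations are processed; without it, the entity is expanded.
"""
import io
import xml.sax
from xml.sax.handler import (ContentHandler, feature_external_ges,
                             property_lexical_handler)


class DoctypeNotAllowed(Exception):
    """Raised when a document carries a DOCTYPE and DOCTYPEs are disallowed."""


class RejectDoctype:
    """Lexical handler: startDTD fires on '<!DOCTYPE', before any <!ENTITY>
    in the internal subset is seen, so raising here stops entity processing.
    The other methods exist because expatreader wires them up unconditionally."""

    def startDTD(self, name, public_id, system_id):
        raise DoctypeNotAllowed(
            "DOCTYPE %r rejected (public=%r system=%r)"
            % (name, public_id, system_id))

    def endDTD(self):
        pass

    def comment(self, content):
        pass

    def startCDATA(self):
        pass

    def endCDATA(self):
        pass


class TextCollector(ContentHandler):
    """Gathers all character data so we can see what the parser produced."""

    def __init__(self):
        super().__init__()
        self.parts = []

    def characters(self, content):
        self.parts.append(content)


def extract_text(data, disallow_doctype):
    """Parse `data` (bytes) and return its concatenated character data.

    With disallow_doctype=True a DOCTYPE raises DoctypeNotAllowed instead of
    being honoured. External general entities are always switched off, which
    is the other half of a hardened configuration.
    """
    parser = xml.sax.make_parser()
    parser.setFeature(feature_external_ges, False)
    collector = TextCollector()
    parser.setContentHandler(collector)
    if disallow_doctype:
        parser.setProperty(property_lexical_handler, RejectDoctype())
    parser.parse(io.BytesIO(data))
    return "".join(collector.parts)


# Constructed sample documents for the demonstration.
PLAIN = b'<?xml version="1.0"?><user>alice</user>'
WITH_DTD = (b'<?xml version="1.0"?>'
            b'<!DOCTYPE user [<!ENTITY who "admin">]>'
            b'<user>&who;</user>')


if __name__ == "__main__":
    print("plain, doctype disallowed :", extract_text(PLAIN, True))
    print("dtd, doctype allowed      :", extract_text(WITH_DTD, False))
    try:
        extract_text(WITH_DTD, True)
    except DoctypeNotAllowed as exc:
        print("dtd, doctype disallowed   : rejected ->", exc)
```

Run stand-alone, the DTD-carrying document yields "admin" when DOCTYPEs are allowed and is rejected outright when they are not; the plain document parses either way. The same shape applies to Xerces-C 3.2's disallow-doctype feature: the decision is made at the DOCTYPE token, so nothing declared inside the DTD ever reaches the application.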