[SECURITY] [DSA 4175-1] freeplane security update

From: Salvatore Bonaccorso <carnil@debian.org>
To: bugtraq@securityfocus.com
Cc:
Subject: [SECURITY] [DSA 4175-1] freeplane security update
Date:


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4175-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
April 18, 2018                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : freeplane
CVE ID         : CVE-2018-1000069
Debian Bug     : 893663

Wojciech Regula discovered an XML External Entity vulnerability in the
XML Parser of the mindmap loader in freeplane, a Java program for
working with mind maps, resulting in potential information disclosure if
a malicious mind map file is opened.

For the oldstable distribution (jessie), this problem has been fixed
in version 1.3.12-1+deb8u1.

For the stable distribution (stretch), this problem has been fixed in
version 1.5.18-1+deb9u1.

We recommend that you upgrade your freeplane packages.

For the detailed security status of freeplane please refer to its
security tracker page at:
https://security-tracker.debian.org/tracker/freeplane

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlrWxN9fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0TWZQ//e38sUdwj6IZXNKfGIwUhzXXYJEt3Sq4VIBYzUIKz62+vDI6JKtFcfgC9
u+VN8bsClzlJwpsJltJXP8XNObvlXdi+xoD/+KcXhrmj0r7I77ZcfkKmD8L1zeR9
R+4tTVsUjahFELM7WcvNMcRPyIYa/fOYDIWYnzLqdHlCKHAfqDUgAcg4l76K44i5
dLC8JfQNMVe/oH2vR5N+nmZzBml44uURsV+D2We0Fr/q4OBcHtFw8vVziiZ8ZWuu
fRyR72sX+pjgmFoa2725D9XnRMVOdaCSc778jiwPVRkvWvc6oFtW1shQ4waWl7WO
qQggaU6vLot2M0HYdWVLazT3vX6GyVXFV5d9FfHm2/GCcoz/F84Pjwg3Y01X3hCz
VBTZUN6B+1WqvxcXSKS33xPIORmMwQZ0jCa+IgNxKUFlnfvML9lsUXSajBNnSziF
1eDw3/opvqom9jluJsCLdeWiDH2Ya3p0C/jJAwYQGZLZZema9FkPI9D6slydJjUE
byAo8gmJKUmlHoWNxieumNDfyqzExvGLEsgcLlRtrJoyO4M4l/Uk2BuauEXEkgim
0AW/5biL/gYBX82c5oDx6w1JiKDyJ/lAKmb0ihHcZsPeVJeHIW+tdR6sEfZOrkdM
GZtBt39gzpoUesykcGYRWtHq11gxa3JPBEq/6OD6IgZ6XIwPAYw=
=VS6n
-----END PGP SIGNATURE-----





Copyright © 1995-2018 LinuxRocket.net. All rights reserved.