[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ws-general
Subject:    Two new security advisories released for Apache WSS4J
From:       Colm O hEigeartaigh <coheigea () apache ! org>
Date:       2015-02-10 11:41:37
Message-ID: CAB8XdGBJuywczWKQz5otQH4kgu2kEGtOxgZNpA5-2hy4f0ySeA () mail ! gmail ! com
[Download RAW message or body]

Two new security advisories have been released for Apache WSS4J:

1) CVE-2015-0226: Apache WSS4J is (still) vulnerable to Bleichenbacher's
attack

http://ws.apache.org/wss4j/advisories/CVE-2015-0226.txt.asc

2) CVE-2015-0227: Apache WSS4J doesn't correctly enforce the
requireSignedEncryptedDataElements property

http://ws.apache.org/wss4j/advisories/CVE-2015-0227.txt.asc

Please note that both of these advisories were fixed in WSS4J 2.0.2 and
1.6.17, both of which were released last year.

Colm.


-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com

[Attachment #3 (text/html)]

<div dir="ltr"><div>Two new security advisories have been released for Apache \
WSS4J:<br><br>1) CVE-2015-0226: Apache WSS4J is (still) vulnerable to \
Bleichenbacher&#39;s attack<br><br><a \
href="http://ws.apache.org/wss4j/advisories/CVE-2015-0226.txt.asc">http://ws.apache.org/wss4j/advisories/CVE-2015-0226.txt.asc</a><br><br>2) \
CVE-2015-0227: Apache WSS4J doesn&#39;t correctly enforce the \
requireSignedEncryptedDataElements property<br><br><a \
href="http://ws.apache.org/wss4j/advisories/CVE-2015-0227.txt.asc">http://ws.apache.org/wss4j/advisories/CVE-2015-0227.txt.asc</a><br><br></div>Please \
note that both of these advisories were fixed in WSS4J 2.0.2 and 1.6.17, both of \
which were released last year. <br><br>Colm.<br><div><div><div><br clear="all"><br>-- \
<br><div class="gmail_signature">Colm O hEigeartaigh<br><br>Talend Community \
Coder<br><a href="http://coders.talend.com" \
target="_blank">http://coders.talend.com</a><br></div></div></div></div></div>



[prev in list] [next in list] [prev in thread] [next in thread]