{"id":"MGASA-2014-0558","summary":"Updated xml-security packages fix CVE-2013-4517","details":"Updated xml-security packages fixes security vulnerability:\n\nApache Santuario XML Security for Java before 1.5.6, when applying\nTransforms, allows remote attackers to cause a denial of service (memory\nconsumption) via crafted Document Type Definitions (DTDs), related to\nsignatures (CVE-2013-4517).\n","modified":"2026-04-16T06:24:48.454261353Z","published":"2014-12-31T12:28:04Z","upstream":["CVE-2013-4517"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2014-0558.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=14485"},{"type":"WEB","url":"https://lists.fedoraproject.org/pipermail/package-announce/2014-November/142709.html"}],"affected":[{"package":{"name":"xml-security","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/xml-security?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.5.7-1.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0558.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}