[SECURITY] Fedora 20 Update: castor-1.3.3-1.fc20

updates at fedoraproject.org updates at fedoraproject.org
Mon Dec 15 04:35:59 UTC 2014 

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2014-16346
2014-12-06 01:53:58
--------------------------------------------------------------------------------

Name        : castor
Product     : Fedora 20
Version     : 1.3.3
Release     : 1.fc20
URL         : http://castor.codehaus.org
Summary     : An open source data binding framework for Java
Description :
Castor is an open source data binding framework for Java. It's basically
the shortest path between Java objects, XML documents and SQL tables.
Castor provides Java to XML binding, Java to SQL persistence, and more.

--------------------------------------------------------------------------------
Update Information:

Update to latest upstream point release containing fix for  	CVE-2014-3004
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec  4 2014 Mat Booth <mat.booth at redhat.com> - 1.3.3-1
- Update to latest upstream 1.3.3
- Fixes rhbz#1108691 CVE-2014-3004
* Mon Jun  9 2014 Alexander Kurtakov <akurtako at redhat.com> 1.3.2-14
- Fix FTBFS.
* Sat Jun  7 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.3.2-13
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Fri Mar 28 2014 Michael Simacek <msimacek at redhat.com> - 1.3.2-12
- Use Requires: java-headless rebuild (#1067528)
* Wed Nov 27 2013 Mat Booth <fedora at matbooth.co.uk> - 0:1.3.2-11
- Update for merge review comments and fix rawhide build
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1108639 - CVE-2014-3004 castor: XML External Entity (XXE) attacks via a crafted XML document
        https://bugzilla.redhat.com/show_bug.cgi?id=1108639
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use
su -c 'yum update castor' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

More information about the package-announce mailing list