debian · CVE-2018-0489

Quick triage

Priority: not yet assigned 公開: Updated: Thu, 16 Jul 2026 14:42:27 GMT

参照: Official debian advisory, NVD, CVE.org · CVE 詳細

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2018-0489 not yet assigned priority: Debian including 1 source packages (xmltooling), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5.

Description:

Shibboleth XMLTooling-C before 1.6.4, as used in Shibboleth Service Provider before 2.6.1.4 on Windows and other products, mishandles digital signatures of user data, which allows remote attackers to obtain sensitive information or conduct impersonation attacks via crafted XML data. NOTE: this issue exists because of an incomplete fix for CVE-2018-0486.

cvelogic Threat Intelligence