+++ This bug was initially created as a clone of Bug #277872 +++

Please see the blocker for vulnerability details.

Upstream Bug: https://issues.apache.org/bugzilla/show_bug.cgi?id=47526
Patch: http://svn.apache.org/viewvc?view=rev&revision=794013

It seems they disallow HMAC truncation completely, so this is a sufficient patch for the vulnerability.

Note that since the ebuild is in an overlay, the Security Team will not be tracking this issue via our usual procedures. This is a regular Java herd bug.

commit ac609fa (HEAD, master)
Author: Patrice Clement <monsieurp@gentoo.org>
Date:   Fri Oct 23 18:53:16 2015 +0000

    dev-java/xml-security: Moved to Portage a while ago. Removing from overlay. Fixes bug 277873.

    Signed-off-by: Patrice Clement <monsieurp@gentoo.org>

 delete mode 100644 dev-java/xml-security/Manifest
 delete mode 100644 dev-java/xml-security/metadata.xml
 delete mode 100644 dev-java/xml-security/xml-security-1.3.0.ebuild

No reason to keep it as it already exists in Portage under dev-java/xml-security and we package an up-to-date version.