Red Hat Security Advisory 2014-0400-03 - Red Hat JBoss Fuse, based on Apache ServiceMix, provides a small-footprint, flexible, open source enterprise service bus and integration platform. Security fixes: A flaw was found in the way Apache Santuario XML Security for Java validated XML signatures. Santuario allowed a signature to specify an arbitrary canonicalization algorithm, which would be applied to the SignedInfo XML fragment. A remote attacker could exploit this to spoof an XML signature via a specially crafted XML signature block.
59fb89a523cbebe70f311b3e2011f6b31d5456d35c7cb4af096d9f8a7b46823e
Red Hat Security Advisory 2014-0401-02 - Red Hat JBoss A-MQ, based on Apache ActiveMQ, is a standards-compliant messaging system that is tailored for use in mission critical applications. Red Hat JBoss A-MQ 6.1.0 is a minor product release that updates Red Hat JBoss A-MQ 6.0.0 and includes several bug fixes and enhancements.
884c2290b52cd9e01634db919d477a8981b15a764efe9bb37401b8a31a1d82ba
Debian Linux Security Advisory 2857-1 - It was discovered by the Spring development team that the fix for the XML External Entity (XXE) Injection (CVE-2013-4152) in the Spring Framework was incomplete.
9c12097cfb875c61fce6e20b552e7f5f7b025cc8d7ef5982a220e834a33b1796
The JavaScriptUtils.javaScriptEscape() method did not escape all characters that are sensitive within either a JS single quoted string, JS double quoted string, or HTML script data context. In most cases this will result in an unexploitable parse error but in some cases it could result in a cross site scripting vulnerability. Spring MVC versions 3.0.0 through 3.2.1 are affected.
242790135a9927b7deb87c43607a629b3269e553eee7b7f28d9784435b870ce8