diff -Nru libjdom1-java-1.1.3/debian/changelog libjdom1-java-1.1.3/debian/changelog --- libjdom1-java-1.1.3/debian/changelog 2018-11-02 22:08:16.000000000 +0530 +++ libjdom1-java-1.1.3/debian/changelog 2021-07-04 14:14:56.000000000 +0530 @@ -1,3 +1,11 @@ +libjdom1-java (1.1.3-2.1) unstable; urgency=medium + + * Non-maintainer upload by the LTS team. + * Add patch to fix setFeature bug and add test case. + (Fixes: CVE-2021-33813) + + -- Utkarsh Gupta Sun, 04 Jul 2021 14:14:56 +0530 + libjdom1-java (1.1.3-2) unstable; urgency=medium * Fixed the build failure with Java 11 (Closes: #912539) diff -Nru libjdom1-java-1.1.3/debian/patches/CVE-2021-33813.patch libjdom1-java-1.1.3/debian/patches/CVE-2021-33813.patch --- libjdom1-java-1.1.3/debian/patches/CVE-2021-33813.patch 1970-01-01 05:30:00.000000000 +0530 +++ libjdom1-java-1.1.3/debian/patches/CVE-2021-33813.patch 2021-07-04 14:14:56.000000000 +0530 @@ -0,0 +1,68 @@ +From bd3ab78370098491911d7fe9d7a43b97144a234e Mon Sep 17 00:00:00 2001 +From: Esti +Date: Thu, 18 Feb 2021 16:40:01 +0200 +Subject: [PATCH] fix setFeature bug and add test case +Re-adapted-By: Utkarsh Gupta + +--- a/core/src/java/org/jdom/input/SAXBuilder.java ++++ b/core/src/java/org/jdom/input/SAXBuilder.java +@@ -758,16 +758,8 @@ + private void setFeaturesAndProperties(XMLReader parser, + boolean coreFeatures) + throws JDOMException { +- // Set any user-specified features on the parser. +- Iterator iter = features.keySet().iterator(); +- while (iter.hasNext()) { +- String name = (String)iter.next(); +- Boolean value = (Boolean)features.get(name); +- internalSetFeature(parser, name, value.booleanValue(), name); +- } +- + // Set any user-specified properties on the parser. +- iter = properties.keySet().iterator(); ++ Iterator iter = properties.keySet().iterator(); + while (iter.hasNext()) { + String name = (String)iter.next(); + internalSetProperty(parser, name, properties.get(name), name); +@@ -810,6 +802,14 @@ + } + catch (SAXNotRecognizedException e) { /* Ignore... */ } + catch (SAXNotSupportedException e) { /* Ignore... */ } ++ ++ // Set any user-specified features on the parser. ++ iter = features.keySet().iterator(); ++ while (iter.hasNext()) { ++ String name = (String)iter.next(); ++ Boolean value = (Boolean)features.get(name); ++ internalSetFeature(parser, name, value.booleanValue(), name); ++ } + } + + /** +--- a/test/src/java/org/jdom/test/cases/input/TestSAXBuilder.java ++++ b/test/src/java/org/jdom/test/cases/input/TestSAXBuilder.java +@@ -700,6 +700,24 @@ + // } + // } + ++ public void testSetExternalFeature() { ++ String feature = "http://javax.xml.XMLConstants/feature/secure-processing"; ++ MySAXBuilder sb = new MySAXBuilder(); ++ try { ++ sb.setFeature(feature, true); ++ XMLReader reader = sb.createParser(); ++ assertNotNull(reader); ++ assertTrue(reader.getFeature(feature)); ++ sb.setFeature(feature, false); ++ reader = sb.createParser(); ++ assertNotNull(reader); ++ assertFalse(reader.getFeature(feature)); ++ } catch (Exception e) { ++ e.printStackTrace(); ++ fail("Could not create parser: " + e.getMessage()); ++ } ++ } ++ + public void testSetProperty() { + LexicalHandler lh = new LexicalHandler() { + diff -Nru libjdom1-java-1.1.3/debian/patches/series libjdom1-java-1.1.3/debian/patches/series --- libjdom1-java-1.1.3/debian/patches/series 2018-11-02 21:16:04.000000000 +0530 +++ libjdom1-java-1.1.3/debian/patches/series 2021-07-04 14:14:56.000000000 +0530 @@ -1 +1,2 @@ 01-java11-compatibility.patch +CVE-2021-33813.patch