Debian
xml-security-c package

xml-security-c 1.6.1-6 source package in Debian

Changelog

xml-security-c (1.6.1-6) unstable; urgency=high


  * Apply upstream patch to fix a spoofing vulnerability that allows an
    attacker to reuse existing signatures with arbitrary content.
    (CVE-2013-2153)
  * Apply upstream patch to fix a stack overflow in the processing of
    malformed XPointer expressions in the XML Signature Reference
    processing code.  (CVE-2013-2154)
  * Apply upstream patch to fix processing of the output length of an
    HMAC-based XML Signature that could cause a denial of service when
    processing specially chosen input.  (CVE-2013-2155)
  * Apply upstream patch to fix a heap overflow in the processing of the
    PrefixList attribute optionally used in conjunction with Exclusive
    Canonicalization, potentially allowing arbitrary code execution.
    (CVE-2013-2156)

 -- Russ Allbery <email address hidden>  Mon, 17 Jun 2013 22:25:32 -0700

Upload details

Uploaded by:
Debian Shib Team
Uploaded to:
Sid
Original maintainer:
Debian Shib Team
Architectures:
any
Section:
libs
Urgency:
Very Urgent

See full publishing history Publishing

Series Pocket Published Component Section

Builds

Downloads

File Size SHA-256 Checksum
xml-security-c_1.6.1-6.dsc 1.7 KiB 9550bfa8eb7d9af144c88e02afb30afd057ba6d9edcbe43db5ece49e6cc353e1
xml-security-c_1.6.1.orig.tar.gz 844.1 KiB 73931a55d6925a82416ea48f8d6f1b8ed591368e1dfc30574fe43904b7c62fcd
xml-security-c_1.6.1-6.debian.tar.gz 11.4 KiB da3a4a694679319645aaf8a68cd95d0958b0fdf9b226655048a5be77faac5330

Available diffs

No changes file available.

Binary packages built by this source