xml-security-c 1.7.1-1 source package in Debian

Changelog

xml-security-c (1.7.1-1) experimental; urgency=high


  * New upstream release.
    - Fix a spoofing vulnerability that allows an attacker to reuse
      existing signatures with arbitrary content.  (CVE-2013-2153)
    - Fix a stack overflow in the processing of malformed XPointer
      expressions in the XML Signature Reference processing code.
      (CVE-2013-2154)
    - Fix processing of the output length of an HMAC-based XML Signature
      that could cause a denial of service when processing specially
      chosen input.  (CVE-2013-2155)
    - Fix a heap overflow in the processing of the PrefixList attribute
      optionally used in conjunction with Exclusive Canonicalization,
      potentially allowing arbitrary code execution. (CVE-2013-2156)
    - Reduce entity expansion limits when parsing.
    - New --id option to the xenc-checksig utility.
  * Rename the binaries in the xml-security-c-utils package to start with
    xsec-* instead of xmlsec-*.  This reflects the common abbreviation
    used by the package.

 -- Russ Allbery <email address hidden>  Mon, 17 Jun 2013 21:27:58 -0700

Upload details

Uploaded by: Debian Shib Team
Uploaded to: Experimental
Original maintainer: Debian Shib Team
Architectures: any
Section: libs
Urgency: Very Urgent

Downloads

File                                  Size       SHA-256 Checksum
xml-security-c_1.7.1-1.dsc            1.8 KiB    d140e13cf5532181cf7c35bf89c996e450ebec2afa8ddc4fb935edb3d90597f2
xml-security-c_1.7.1.orig.tar.gz      854.9 KiB  3d306660702d620b30605627f970b90667ed967211a8fc26b3243e6d3abeb32e
xml-security-c_1.7.1-1.debian.tar.xz  11.7 KiB   096a7a3231e6aa0f2d22ae40adf608230fb336bed205d3d808a079249c4470a5

No changes file available.
