[ubuntu/lucid-security] xml-security-c 1.5.1-3+squeeze2build0.10.04.1 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Tue Jun 18 20:12:18 UTC 2013
xml-security-c (1.5.1-3+squeeze2build0.10.04.1) lucid-security; urgency=low

  * fake sync from Debian

xml-security-c (1.5.1-3+squeeze2) oldstable-security; urgency=high

  * Apply upstream patch to fix a spoofing vulnerability that allows an
    attacker to reuse existing signatures with arbitrary content.
    (CVE-2013-2153)
  * Apply upstream patch to fix a stack overflow in the processing of
    malformed XPointer expressions in the XML Signature Reference
    processing code. (CVE-2013-2154)
  * Apply upstream patch to fix processing of the output length of an
    HMAC-based XML Signature that could cause a denial of service when
    processing specially chosen input. (CVE-2013-2155)
  * Apply upstream patch to fix a heap overflow in the processing of the
    PrefixList attribute optionally used in conjunction with Exclusive
    Canonicalization, potentially allowing arbitrary code execution.
    (CVE-2013-2156)

Date: 2013-06-18 17:00:15.148584+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/lucid/+source/xml-security-c/1.5.1-3+squeeze2build0.10.04.1