[ubuntu/oneiric] xml-security-c 1.6.1-1 (Accepted)

Scott Kitterman ubuntu at kitterman.com
Mon Jul 11 21:01:09 UTC 2011


xml-security-c (1.6.1-1) unstable; urgency=high

  * Urgency high for security fix.
  * New upstream release.
    - DSIGObject::load method crashes for ds:Object without Id attribute
    - Buffer overflow when signing or verifying files with big asymmetric
      keys (Closes: #632973, CVE-2011-2516)
    - Memory bug inside XENCCipherImpl::deSerialise
    - Function cleanURIEscapes always throws XSECException, when any
      escape sequence occurs
    - Function isHexDigit doesn't recognize invalid escape sequences
    - Percent-encoded multibyte (UTF-8) sequences unrecognized
    - RSA-OAEP handler only allows SHA-1 digests
  * Update debian/watch for the new organization of Apache downloads.

Date: Mon,  11 Jul 2011 20:55:26 +0000
Changed-By: Scott Kitterman <ubuntu at kitterman.com>
Maintainer: Debian Shib Team <pkg-shibboleth-devel at lists.alioth.debian.org>
Origin: Debian/unstable
https://launchpad.net/ubuntu/oneiric/+source/xml-security-c/1.6.1-1
-------------- next part --------------
Origin: Debian/unstable
Format: 1.7
Date: Mon,  11 Jul 2011 20:55:26 +0000
Source: xml-security-c
Binary: libxml-security-c16, libxml-security-c-dev
Architecture: source
Version: 1.6.1-1
Distribution: oneiric
Urgency: high
Maintainer: Debian Shib Team <pkg-shibboleth-devel at lists.alioth.debian.org>
Changed-By: Scott Kitterman <ubuntu at kitterman.com>
Closes: 632973
Files:
 7dbad386fb00cdb401ffc1210592148a 7285 libs extra xml-security-c_1.6.1-1.debian.tar.gz
 239ad9504d7326e84e8c49bb48f5c764 1689 libs extra xml-security-c_1.6.1-1.dsc
 808316c80a7453b6d50a0bceb7ebe9bc 864366 libs extra xml-security-c_1.6.1.orig.tar.gz
Changes:
 xml-security-c (1.6.1-1) unstable; urgency=high
 .
   * Urgency high for security fix.
   * New upstream release.
     - DSIGObject::load method crashes for ds:Object without Id attribute
     - Buffer overflow when signing or verifying files with big asymmetric
       keys (Closes: #632973, CVE-2011-2516)
     - Memory bug inside XENCCipherImpl::deSerialise
     - Function cleanURIEscapes always throws XSECException, when any
       escape sequence occurs
     - Function isHexDigit doesn't recognize invalid escape sequences
     - Percent-encoded multibyte (UTF-8) sequences unrecognized
     - RSA-OAEP handler only allows SHA-1 digests
   * Update debian/watch for the new organization of Apache downloads.


