[ubuntu/precise-updates] xml-security-c 1.6.1-1ubuntu0.1 (Accepted)
Ubuntu Archive Robot
cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Wed Oct 9 15:28:06 UTC 2013
xml-security-c (1.6.1-1ubuntu0.1) precise-security; urgency=low
* SECURITY UPDATE: (LP: #1192874).
- Apply upstream patch to fix a spoofing vulnerability that allows an
attacker to reuse existing signatures with arbitrary content.
(CVE-2013-2153)
- Apply upstream patch to fix a stack overflow in the processing of
malformed XPointer expressions in the XML Signature Reference
processing code. (CVE-2013-2154)
- Apply upstream patch to fix processing of the output length of an
HMAC-based XML Signature that could cause a denial of service when
processing specially chosen input. (CVE-2013-2155)
- Apply upstream patch to fix a heap overflow in the processing of the
PrefixList attribute optionally used in conjunction with Exclusive
Canonicalization, potentially allowing arbitrary code execution.
(CVE-2013-2156)
* SECURITY UPDATE: The attempted fix to address CVE-2013-2154 introduced
the possibility of a heap overflow, possibly leading to arbitrary code
execution, in the processing of malformed XPointer expressions in the
XML Signature Reference processing code (LP: #1199969).
- Apply upstream patch to fix that heap overflow. (CVE-2013-2210)
Date: 2013-10-09 14:11:14.436347+00:00
Changed-By: Christian Biamont <christianbiamont at gmail.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/precise/+source/xml-security-c/1.6.1-1ubuntu0.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the Precise-changes
mailing list