[ubuntu/quantal-security] xml-security-c 1.6.1-7~build0.12.10.1 (Accepted)

Jamie Strandboge jamie at ubuntu.com
Thu Jul 11 11:49:15 UTC 2013


xml-security-c (1.6.1-7~build0.12.10.1) quantal-security; urgency=low

  * fake sync from Debian

xml-security-c (1.6.1-7) unstable; urgency=high

  * The attempted fix to address CVE-2013-2154 introduced the possibility
    of a heap overflow, possibly leading to arbitrary code execution, in
    the processing of malformed XPointer expressions in the XML Signature
    Reference processing code.  Apply upstream patch to fix that heap
    overflow.  (Closes: #714241, CVE-2013-2210)

xml-security-c (1.6.1-6) unstable; urgency=high

  * Apply upstream patch to fix a spoofing vulnerability that allows an
    attacker to reuse existing signatures with arbitrary content.
    (CVE-2013-2153)
  * Apply upstream patch to fix a stack overflow in the processing of
    malformed XPointer expressions in the XML Signature Reference
    processing code.  (CVE-2013-2154)
  * Apply upstream patch to fix processing of the output length of an
    HMAC-based XML Signature that could cause a denial of service when
    processing specially chosen input.  (CVE-2013-2155)
  * Apply upstream patch to fix a heap overflow in the processing of the
    PrefixList attribute optionally used in conjunction with Exclusive
    Canonicalization, potentially allowing arbitrary code execution.
    (CVE-2013-2156)

Date: 2013-07-10 22:15:24.616697+00:00
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
https://launchpad.net/ubuntu/quantal/+source/xml-security-c/1.6.1-7~build0.12.10.1