[ubuntu/raring-updates] xml-security-c 1.6.1-7~build0.13.04.1 (Accepted)

Ubuntu Archive Robot cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Thu Jul 11 12:28:47 UTC 2013


xml-security-c (1.6.1-7~build0.13.04.1) raring-security; urgency=low

  * fake sync from Debian

xml-security-c (1.6.1-7) unstable; urgency=high

  * The attempted fix to address CVE-2013-2154 introduced the possibility
    of a heap overflow, possibly leading to arbitrary code execution, in
    the processing of malformed XPointer expressions in the XML Signature
    Reference processing code.  Apply upstream patch to fix that heap
    overflow.  (Closes: #714241, CVE-2013-2210)

xml-security-c (1.6.1-6) unstable; urgency=high

  * Apply upstream patch to fix a spoofing vulnerability that allows an
    attacker to reuse existing signatures with arbitrary content.
    (CVE-2013-2153)
  * Apply upstream patch to fix a stack overflow in the processing of
    malformed XPointer expressions in the XML Signature Reference
    processing code.  (CVE-2013-2154)
  * Apply upstream patch to fix processing of the output length of an
    HMAC-based XML Signature that could cause a denial of service when
    processing specially chosen input.  (CVE-2013-2155)
  * Apply upstream patch to fix a heap overflow in the processing of the
    PrefixList attribute optionally used in conjunction with Exclusive
    Canonicalization, potentially allowing arbitrary code execution.
    (CVE-2013-2156)

Date: 2013-07-10 22:20:15.596938+00:00
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/raring/+source/xml-security-c/1.6.1-7~build0.13.04.1
-------------- next part --------------
Sorry, changesfile not available.


More information about the Raring-changes mailing list