[Bug 808961] [NEW] Sync xml-security-c 1.6.1-1 (universe) from Debian unstable (main)
Scott Kitterman
ubuntu at kitterman.com
Mon Jul 11 19:05:17 UTC 2011
Public bug reported:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
affects ubuntu/xml-security-c
status confirmed
importance wishlist
subscribe ubuntu-archive
done
Please sync xml-security-c 1.6.1-1 (universe) from Debian unstable
(main)
Changelog entries since current oneiric version 1.6.0-2:
xml-security-c (1.6.1-1) unstable; urgency=high
* Urgency high for security fix.
* New upstream release.
- DSIGObject::load method crashes for ds:Object without Id attribute
- Buffer overflow when signing or verifying files with big asymmetric
keys (Closes: #632973, CVE-2011-2516)
- Memory bug inside XENCCipherImpl::deSerialise
- Function cleanURIEscapes always throws XSECException, when any
escape sequence occurs
- Function isHexDigit doesn't recognize invalid escape sequences
- Percent-encoded multibyte (UTF-8) sequences unrecognized
- RSA-OAEP handler only allows SHA-1 digests
* Update debian/watch for the new organization of Apache downloads.
-- Russ Allbery <rra at debian.org> Thu, 07 Jul 2011 09:10:33 -0700
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)
iEYEARECAAYFAk4bSWoACgkQHajaM93NaGqVSgCbBg+l7dPLVFSaU2HqDZJnvxjU
aXgAn01JELD91VZOCW9S4eg8BkdFaKKJ
=ydQH
-----END PGP SIGNATURE-----
** Affects: xml-security-c (Ubuntu)
Importance: Wishlist
Status: Confirmed
--
You received this bug notification because you are a member of Ubuntu
Package Archive Administrators, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/808961
Title:
Sync xml-security-c 1.6.1-1 (universe) from Debian unstable (main)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/xml-security-c/+bug/808961/+subscriptions
More information about the ubuntu-archive
mailing list