[Bug 808961] [NEW] Sync xml-security-c 1.6.1-1 (universe) from Debian unstable (main)

Scott Kitterman ubuntu at kitterman.com
Mon Jul 11 19:05:17 UTC 2011


Public bug reported:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 affects ubuntu/xml-security-c
 status confirmed
 importance wishlist
 subscribe ubuntu-archive
 done

Please sync xml-security-c 1.6.1-1 (universe) from Debian unstable
(main)

Changelog entries since current oneiric version 1.6.0-2:

xml-security-c (1.6.1-1) unstable; urgency=high

  * Urgency high for security fix.
  * New upstream release.
    - DSIGObject::load method crashes for ds:Object without Id attribute
    - Buffer overflow when signing or verifying files with big asymmetric
      keys (Closes: #632973, CVE-2011-2516)
    - Memory bug inside XENCCipherImpl::deSerialise
    - Function cleanURIEscapes always throws XSECException, when any
      escape sequence occurs
    - Function isHexDigit doesn't recognize invalid escape sequences
    - Percent-encoded multibyte (UTF-8) sequences unrecognized
    - RSA-OAEP handler only allows SHA-1 digests
  * Update debian/watch for the new organization of Apache downloads.

 -- Russ Allbery <rra at debian.org>  Thu, 07 Jul 2011 09:10:33 -0700

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)

iEYEARECAAYFAk4bSWoACgkQHajaM93NaGqVSgCbBg+l7dPLVFSaU2HqDZJnvxjU
aXgAn01JELD91VZOCW9S4eg8BkdFaKKJ
=ydQH
-----END PGP SIGNATURE-----

** Affects: xml-security-c (Ubuntu)
     Importance: Wishlist
         Status: Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Package Archive Administrators, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/808961

Title:
  Sync xml-security-c 1.6.1-1 (universe) from Debian unstable (main)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/xml-security-c/+bug/808961/+subscriptions



More information about the ubuntu-archive mailing list