Bug#632973: xml-security-c: CVE-2011-2516: buffer overflows signing or verifying with large keys

Russ Allbery rra at debian.org
Thu Jul 7 15:39:51 UTC 2011

Dominic Hargreaves <dom at earth.li> writes:

> Package: xml-security-c
> Version: 1.6.0-2
> Severity: grave
> Tags: security
> Justification: user security hole

> Full advisory at
> <http://santuario.apache.org/secadv/CVE-2011-2516.txt>
> including links to patches in upstream SVN.

> Also assumed to affect stable and oldstable.

Yup, thanks.  Working on it now.  Testing is going to be a bit of an issue
since migration to testing is still blocked by a g++ bug; I'll see if I
can work around that by disabling optimization on arm.

Russ Allbery (rra at debian.org)               <http://www.eyrie.org/~eagle/>

More information about the Pkg-shibboleth-devel mailing list