Bug#632973: xml-security-c: CVE-2011-2516: buffer overflows signing or verifying with large keys
Russ Allbery
rra at debian.org
Thu Jul 7 15:39:51 UTC 2011
Dominic Hargreaves <dom at earth.li> writes:
> Package: xml-security-c
> Version: 1.6.0-2
> Severity: grave
> Tags: security
> Justification: user security hole
> Full advisory at
> <http://santuario.apache.org/secadv/CVE-2011-2516.txt>
> including links to patches in upstream SVN.
> Also assumed to affect stable and oldstable.
Yup, thanks. Working on it now. Testing is going to be a bit of an issue
since migration to testing is still blocked by a g++ bug; I'll see if I
can work around that by disabling optimization on arm.
--
Russ Allbery (rra at debian.org) <http://www.eyrie.org/~eagle/>
More information about the Pkg-shibboleth-devel
mailing list