Security update for xml-security-c
Russ Allbery
rra at debian.org
Thu Jul 7 18:40:33 UTC 2011
Hello folks,

Upstream has released a security advisory for XML Security for C++, which
is packaged for Debian as xml-security-c. The upstream advisory is at:

http://santuario.apache.org/secadv/CVE-2011-2516.txt

I've uploaded fixed 1.6.1-1 packages to Debian unstable, and have
backported the patch to XML Security for C++ 1.5.1 and prepared packages
for squeeze. I've tested the new library by running through a Shibboleth
authentication and attribute retrieval, but have not gone so far as to try
to reproduce the bug and verify it that way.

Attached is the debdiff between 1.5.1+squeeze1 and 1.5.1. Is this good to
upload to stable-security? (The new packages are built with -sa.)

I'm working on a fix for lenny now.

--
Russ Allbery (rra at debian.org) <http://www.eyrie.org/~eagle/>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: shib.diff
Type: text/x-diff
Size: 6348 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-shibboleth-devel/attachments/20110707/5d3eee46/attachment.diff>