Security update for xml-security-c

Russ Allbery rra at
Thu Jul 7 18:40:33 UTC 2011

Hello folks,

Upstream has released a security advisory for XML Security for C++, which
is packaged for Debian as xml-security-c.  The upstream advisory is at:

I've uploaded fixed 1.6.1-1 packages to Debian unstable, and have
backported the patch to XML Security for C++ 1.5.1 and prepared packages
for squeeze.  I've tested the new library by running through a Shibboleth
authentication and attribute retrieval, but have not gone so far as to try
to reproduce the bug and verify it that way.

Attached is the debdiff between 1.5.1+squeeze1 and 1.5.1.  Is this good to
upload to stable-security?  (The new packages are built with -sa.)

I'm working on a fix for lenny now.

Russ Allbery (rra at               <>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: shib.diff
Type: text/x-diff
Size: 6348 bytes
Desc: not available
URL: <>

More information about the Pkg-shibboleth-devel mailing list