Security update for xml-security-c

Russ Allbery rra at
Thu Jul 7 19:18:51 UTC 2011

Russ Allbery <rra at> writes:

> Attached is the debdiff for 1.4.0-3+lenny3.  This is not tested yet (I'm
> still tracking down a lenny system running Shibboleth), but the diff is
> identical to squeeze.

Now tested as well.

For the security advisory, please note that, after upgrading the package,
the administrator will need to manually restart Apache and shibd:

    /etc/init.d/shibd restart
    /etc/init.d/apache2 restart

if Shibboleth is also installed in order to pick up the new shared
library.  (I realize that this is standard for most shared library
vulnerabilities, but since XML Security for C++ is mostly only used for
Shibboleth, it's probably worth special note here.)

Russ Allbery (rra at               <>

More information about the Pkg-shibboleth-devel mailing list