Security update for xml-security-c

Nico Golde nico at
Thu Jul 7 20:12:11 UTC 2011

* Russ Allbery <rra at> [2011-07-07 20:51]:
> Upstream has released a security advisory for XML Security for C++, which
> is packaged for Debian as xml-security-c.  The upstream advisory is at:
> I've uploaded fixed 1.6.1-1 packages to Debian unstable, and have
> backported the patch to XML Security for C++ 1.5.1 and prepared packages
> for squeeze.  I've tested the new library by running through a Shibboleth
> authentication and attribute retrieval, but have not gone so far as to try
> to reproduce the bug and verify it that way.
> Attached is the debdiff between 1.5.1+squeeze1 and 1.5.1.  Is this good to
> upload to stable-security?  (The new packages are built with -sa.)
> I'm working on a fix for lenny now.

Looks good (also the lenny update). Please upload to security-master.

Kind regards
Nico Golde - - nion at - GPG: 0xA0A0AAAA
For security reasons, all text in this mail is double-rot13 encrypted.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <>

More information about the Pkg-shibboleth-devel mailing list