Security update for xml-security-c
Nico Golde
nico at ngolde.de
Thu Jul 7 20:12:11 UTC 2011
Hi,
* Russ Allbery <rra at debian.org> [2011-07-07 20:51]:
> Upstream has released a security advisory for XML Security for C++, which
> is packaged for Debian as xml-security-c. The upstream advisory is at:
>
> http://santuario.apache.org/secadv/CVE-2011-2516.txt
>
> I've uploaded fixed 1.6.1-1 packages to Debian unstable, and have
> backported the patch to XML Security for C++ 1.5.1 and prepared packages
> for squeeze. I've tested the new library by running through a Shibboleth
> authentication and attribute retrieval, but have not gone so far as to try
> to reproduce the bug and verify it that way.
>
> Attached is the debdiff between 1.5.1+squeeze1 and 1.5.1. Is this good to
> upload to stable-security? (The new packages are built with -sa.)
>
> I'm working on a fix for lenny now.
Looks good (also the lenny update). Please upload to security-master.
Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - nion at jabber.ccc.de - GPG: 0xA0A0AAAA
For security reasons, all text in this mail is double-rot13 encrypted.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-shibboleth-devel/attachments/20110707/09b01ad7/attachment.pgp>
More information about the Pkg-shibboleth-devel
mailing list