[SCM] Debian packaging for XML-Security-C branch, master, updated. debian/1.7.0-1-11-gbbed522
Russ Allbery
rra at debian.org
Tue Jun 18 04:36:31 UTC 2013
The following commit has been merged in the master branch:
commit 226df214ffe082a3161e7f4b4ad32ece91e653e3
Author: Russ Allbery <rra at debian.org>
Date: Mon Jun 17 20:37:32 2013 -0700
Add changelog for upstream 1.7.1 release
diff --git a/debian/changelog b/debian/changelog
index 7d04a22..1f203de 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,21 @@
+xml-security-c (1.7.1-1) UNRELEASED; urgency=high
+
+ * New upstream release.
+ - Fix a spoofing vulnerability that allows an attacker to reuse
+ existing signatures with arbitrary content. (CVE-2013-2153)
+ - Fix a stack overflow in the processing of malformed XPointer
+ expressions in the XML Signature Reference processing code.
+ (CVE-2013-2154)
+ - Fix processing of the output length of an HMAC-based XML Signature
+ that could cause a denial of service when processing specially
+ chosen input. (CVE-2013-2155)
+ - Fix a heap overflow in the processing of the PrefixList attribute
+ optionally used in conjunction with Exclusive Canonicalization,
+ potentially allowing arbitary code execution. (CVE-2013-2156)
+ - Reduce entity expansion limits when parsing.
+
+ -- Russ Allbery <rra at debian.org> Mon, 17 Jun 2013 20:37:26 -0700
+
xml-security-c (1.7.0-1) experimental; urgency=low
* New upstream release.
--
Debian packaging for XML-Security-C
More information about the Pkg-shibboleth-devel
mailing list