[SCM] Debian packaging for XML-Security-C annotated tag, debian/1.7.1-1, created. debian/1.7.1-1

Russ Allbery rra at debian.org
Tue Jun 18 04:36:57 UTC 2013 

The annotated tag, debian/1.7.1-1 has been created
        at  4edeb14bc024452b4c43dc12354f68d3d05d826a (tag)
   tagging  bbed522d0c134a702188b4a58dd4ef97c6ea6256 (commit)
  replaces  debian/1.7.0-1
 tagged by  Russ Allbery
        on  Mon Jun 17 21:35:54 2013 -0700

- Shortlog ------------------------------------------------------------
Debian release 1.7.1-1

Format: 1.8
Date: Mon, 17 Jun 2013 21:27:58 -0700
Source: xml-security-c
Binary: libxml-security-c17 libxml-security-c-dev xml-security-c-utils
Architecture: source i386
Version: 1.7.1-1
Distribution: experimental
Urgency: high
Maintainer: Debian Shib Team <pkg-shibboleth-devel at lists.alioth.debian.org>
Changed-By: Russ Allbery <rra at debian.org>
Description:
 libxml-security-c-dev - C++ library for XML Digital Signatures (development)
 libxml-security-c17 - C++ library for XML Digital Signatures (runtime)
 xml-security-c-utils - C++ library for XML Digital Signatures (utilities)
Changes:
 xml-security-c (1.7.1-1) experimental; urgency=high
 .
   * New upstream release.
     - Fix a spoofing vulnerability that allows an attacker to reuse
       existing signatures with arbitrary content.  (CVE-2013-2153)
     - Fix a stack overflow in the processing of malformed XPointer
       expressions in the XML Signature Reference processing code.
       (CVE-2013-2154)
     - Fix processing of the output length of an HMAC-based XML Signature
       that could cause a denial of service when processing specially
       chosen input.  (CVE-2013-2155)
     - Fix a heap overflow in the processing of the PrefixList attribute
       optionally used in conjunction with Exclusive Canonicalization,
       potentially allowing arbitrary code execution. (CVE-2013-2156)
     - Reduce entity expansion limits when parsing.
     - New --id option to the xenc-checksig utility.
   * Rename the binaries in the xml-security-c-utils package to start with
     xsec-* instead of xmlsec-*.  This reflects the common abbreviation
     used by the package.
Checksums-Sha1:
 4da37c984346235f478312fcd389d92b1491f402 1301 xml-security-c_1.7.1-1.dsc
 4253f691fe2cde5bc4a3bdf557b9566eb1c769e6 875367 xml-security-c_1.7.1.orig.tar.gz
 17b6ddbfc01e507dc46e3aa8ea0c162f6bc4016e 11932 xml-security-c_1.7.1-1.debian.tar.xz
 a9ed8e54e7ea498519004332ba9c05a590aea94b 286096 libxml-security-c17_1.7.1-1_i386.deb
 53bf31f135735dc1a4e77f770583ddca139f0158 110762 libxml-security-c-dev_1.7.1-1_i386.deb
 a8919b98311177acd6d011286a857eaa5504ca69 122612 xml-security-c-utils_1.7.1-1_i386.deb
Checksums-Sha256:
 3ad17c63c5f4b100ce460522f79b58e5e9c50c726e08082875f714cfe49fcfa8 1301 xml-security-c_1.7.1-1.dsc
 3d306660702d620b30605627f970b90667ed967211a8fc26b3243e6d3abeb32e 875367 xml-security-c_1.7.1.orig.tar.gz
 096a7a3231e6aa0f2d22ae40adf608230fb336bed205d3d808a079249c4470a5 11932 xml-security-c_1.7.1-1.debian.tar.xz
 16fc6f7e41f35b6874c51cdbc4053c8e421c4f3547af5c43968344be1425e382 286096 libxml-security-c17_1.7.1-1_i386.deb
 5a1a70565ff675ab9ffd45792529ff14bf72aab1154e644df828183bf2def0dd 110762 libxml-security-c-dev_1.7.1-1_i386.deb
 0fbdbc4c908b5c24983889885f851f7b923ba8ed36eef68da03b62d10f617697 122612 xml-security-c-utils_1.7.1-1_i386.deb
Files:
 38597cdece45f21e651db36536d11175 1301 libs extra xml-security-c_1.7.1-1.dsc
 cce922e188afcd557636c53c58113bae 875367 libs extra xml-security-c_1.7.1.orig.tar.gz
 1ac3f4939b70531398384f2dbca5a9a0 11932 libs extra xml-security-c_1.7.1-1.debian.tar.xz
 d4dab530ca022ed3d43b47804ad0c21b 286096 libs extra libxml-security-c17_1.7.1-1_i386.deb
 47eb510cb43054bf6269f34adb641325 110762 libdevel extra libxml-security-c-dev_1.7.1-1_i386.deb
 e181455bc78dfd4e05288f82138d1128 122612 utils extra xml-security-c-utils_1.7.1-1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAABCAAGBQJRv+O4AAoJEH2AMVxXNt51YdIIALn2wkrtLYFd/j/p10T/68OW
jq3LkZF/7Sll/4JHERMjDQHT0qQGUReX7m9sueyMR4JBsp48qCs0zE86ly1xxsky
493USV0o8z1SMD67XmU7yNpz5y1F9rEw0KP7b3YdNh3/mzUK3k9znqe17SaktG3X
/I4ttFtYLz6ASFZ+i9VIRNGVwWCAxGzCbPBwzE6RR/MsCRW0d0vn7BVPXXEi8wah
SF4XHKkOF7zCsJCap0F1zY5O19v9kI4znKKJLVeFFTzWPExwZNmKrZaGWcOZJ4Ep
yIZIsr/NkU6PmCta9N+CeU79EDPg29oGa6aHnfDPvuH1G4B14AbgNYCaovlJ4A4=
=SU++
-----END PGP SIGNATURE-----

Russ Allbery (11):
      Imported Upstream version 1.7.1
      Merge tag 'upstream/1.7.1'
      Add changelog for upstream 1.7.1 release
      Update debian/copyright for the new upstream release
      Note new checksig --id option in changelog and man page
      Rename all the man pages to use the new xsec-* prefix
      Rename all tools to have an xsec-* prefix
      Merge branch 'fixes/utility-names'
      Rename the binaries to xsec-* instead of xmlsec-*
      Fix spelling error in changelog
      Finalize changes for 1.7.1-1

-----------------------------------------------------------------------

-- 
Debian packaging for XML-Security-C

More information about the Pkg-shibboleth-devel mailing list