xml-security-c_1.7.1-1_i386.changes ACCEPTED into experimental
Debian FTP Masters
ftpmaster at ftp-master.debian.org
Tue Jun 18 04:48:23 UTC 2013
Accepted:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 17 Jun 2013 21:27:58 -0700
Source: xml-security-c
Binary: libxml-security-c17 libxml-security-c-dev xml-security-c-utils
Architecture: source i386
Version: 1.7.1-1
Distribution: experimental
Urgency: high
Maintainer: Debian Shib Team <pkg-shibboleth-devel at lists.alioth.debian.org>
Changed-By: Russ Allbery <rra at debian.org>
Description:
libxml-security-c-dev - C++ library for XML Digital Signatures (development)
libxml-security-c17 - C++ library for XML Digital Signatures (runtime)
xml-security-c-utils - C++ library for XML Digital Signatures (utilities)
Changes:
xml-security-c (1.7.1-1) experimental; urgency=high
.
* New upstream release.
- Fix a spoofing vulnerability that allows an attacker to reuse
existing signatures with arbitrary content. (CVE-2013-2153)
- Fix a stack overflow in the processing of malformed XPointer
expressions in the XML Signature Reference processing code.
(CVE-2013-2154)
- Fix processing of the output length of an HMAC-based XML Signature
that could cause a denial of service when processing specially
chosen input. (CVE-2013-2155)
- Fix a heap overflow in the processing of the PrefixList attribute
optionally used in conjunction with Exclusive Canonicalization,
potentially allowing arbitrary code execution. (CVE-2013-2156)
- Reduce entity expansion limits when parsing.
- New --id option to the xenc-checksig utility.
* Rename the binaries in the xml-security-c-utils package to start with
xsec-* instead of xmlsec-*. This reflects the common abbreviation
used by the package.
Checksums-Sha1:
6aa4f945d377372be46b4a313a4c7036de2ef4d2 1841 xml-security-c_1.7.1-1.dsc
4253f691fe2cde5bc4a3bdf557b9566eb1c769e6 875367 xml-security-c_1.7.1.orig.tar.gz
17b6ddbfc01e507dc46e3aa8ea0c162f6bc4016e 11932 xml-security-c_1.7.1-1.debian.tar.xz
a9ed8e54e7ea498519004332ba9c05a590aea94b 286096 libxml-security-c17_1.7.1-1_i386.deb
53bf31f135735dc1a4e77f770583ddca139f0158 110762 libxml-security-c-dev_1.7.1-1_i386.deb
a8919b98311177acd6d011286a857eaa5504ca69 122612 xml-security-c-utils_1.7.1-1_i386.deb
Checksums-Sha256:
d140e13cf5532181cf7c35bf89c996e450ebec2afa8ddc4fb935edb3d90597f2 1841 xml-security-c_1.7.1-1.dsc
3d306660702d620b30605627f970b90667ed967211a8fc26b3243e6d3abeb32e 875367 xml-security-c_1.7.1.orig.tar.gz
096a7a3231e6aa0f2d22ae40adf608230fb336bed205d3d808a079249c4470a5 11932 xml-security-c_1.7.1-1.debian.tar.xz
16fc6f7e41f35b6874c51cdbc4053c8e421c4f3547af5c43968344be1425e382 286096 libxml-security-c17_1.7.1-1_i386.deb
5a1a70565ff675ab9ffd45792529ff14bf72aab1154e644df828183bf2def0dd 110762 libxml-security-c-dev_1.7.1-1_i386.deb
0fbdbc4c908b5c24983889885f851f7b923ba8ed36eef68da03b62d10f617697 122612 xml-security-c-utils_1.7.1-1_i386.deb
Files:
c34494db2e81cf2e81b733ee29bc6e2c 1841 libs extra xml-security-c_1.7.1-1.dsc
cce922e188afcd557636c53c58113bae 875367 libs extra xml-security-c_1.7.1.orig.tar.gz
1ac3f4939b70531398384f2dbca5a9a0 11932 libs extra xml-security-c_1.7.1-1.debian.tar.xz
d4dab530ca022ed3d43b47804ad0c21b 286096 libs extra libxml-security-c17_1.7.1-1_i386.deb
47eb510cb43054bf6269f34adb641325 110762 libdevel extra libxml-security-c-dev_1.7.1-1_i386.deb
e181455bc78dfd4e05288f82138d1128 122612 utils extra xml-security-c-utils_1.7.1-1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQEcBAEBCAAGBQJRv+PwAAoJEH2AMVxXNt51DsMIAL3a+IKok/U2ptMsKMRrAtU6
+EKQ1c6PcaZn9r1rTslQq1dR4R4542iHZli3aZ6nl/lUywNaze8tHU9J82EQkjtP
Afnwb0w9ibDECx9kOGl00kLyWUoH9TROMKNz5Ywl89gou9CfLcOE9u1fLzdlqhzY
AWqjfm9URM4LKyEQZKk3XKDEZU1RCo/PBM8PrMB9GwC0f80dztj4cP/2hu0r1zPp
ukictis+buhxrs8qcbTEWLg9v5HTvpf/4ThJKf7juci3xkQn7v+oHV5lNV7rEU+S
O8xGb3GhLiTHtsa2Rsjh8lF/PWTeu3D6yJoMy06kZyBHWuVdyf+BZWZE8MtbKgs=
=GJ5+
-----END PGP SIGNATURE-----
Thank you for your contribution to Debian.
More information about the Pkg-shibboleth-devel
mailing list