[SCM] Debian packaging for XML-Security-C branch, wheezy, created. debian/1.6.1-5-2-g9577046
Russ Allbery
rra at debian.org
Tue Jun 18 05:44:45 UTC 2013
The branch, wheezy has been created
at 9577046aea8cb49e2e7b9d32ad78c97b2640fb81 (commit)
- Shortlog ------------------------------------------------------------
commit 9577046aea8cb49e2e7b9d32ad78c97b2640fb81
Author: Russ Allbery <rra at debian.org>
Date: Mon Jun 17 22:25:47 2013 -0700
Fix typo in changelog
commit 330b65e4104e1744b6ee9b4e4a49bbc97ccbd563
Author: Russ Allbery <rra at debian.org>
Date: Sun Jun 16 21:58:48 2013 -0700
Apply upstream security patches
* Apply upstream patch to fix a spoofing vulnerability that allows an
attacker to reuse existing signatures with arbitrary content.
(CVE-2013-2153)
* Apply upstream patch to fix a stack overflow in the processing of
malformed XPointer expressions in the XML Signature Reference
processing code. (CVE-2013-2154)
* Apply upstream patch to fix processing of the output length of an
HMAC-based XML Signature that could cause a denial of service when
processing specially chosen input. (CVE-2013-2155)
* Apply upstream patch to fix a heap overflow in the processing of the
PrefixList attribute optionally used in conjunction with Exclusive
Canonicalization, potentially allowing arbitary code execution.
(CVE-2013-2156)
-----------------------------------------------------------------------
--
Debian packaging for XML-Security-C
More information about the Pkg-shibboleth-devel
mailing list