[SCM] Debian packaging for XML-Security-C branch, jessie, created. debian/1.6.1-5-1-gb746ed0
Russ Allbery
rra at debian.org
Tue Jun 18 05:44:45 UTC 2013
The branch, jessie has been created
at b746ed0682ae68d877ef6b5c83065c9e0af34efa (commit)
- Shortlog ------------------------------------------------------------
commit b746ed0682ae68d877ef6b5c83065c9e0af34efa
Author: Russ Allbery <rra at debian.org>
Date: Sun Jun 16 21:58:48 2013 -0700
Apply upstream security patches
* Apply upstream patch to fix a spoofing vulnerability that allows an
attacker to reuse existing signatures with arbitrary content.
(CVE-2013-2153)
* Apply upstream patch to fix a stack overflow in the processing of
malformed XPointer expressions in the XML Signature Reference
processing code. (CVE-2013-2154)
* Apply upstream patch to fix processing of the output length of an
HMAC-based XML Signature that could cause a denial of service when
processing specially chosen input. (CVE-2013-2155)
* Apply upstream patch to fix a heap overflow in the processing of the
PrefixList attribute optionally used in conjunction with Exclusive
Canonicalization, potentially allowing arbitrary code execution.
(CVE-2013-2156)
-----------------------------------------------------------------------
--
Debian packaging for XML-Security-C
More information about the Pkg-shibboleth-devel
mailing list