[SCM] Debian packaging for XML-Security-C annotated tag, debian/1.5.1-3+squeeze2, created. debian/1.5.1-3+squeeze2
Russ Allbery
rra at debian.org
Tue Jun 18 05:44:51 UTC 2013
The annotated tag, debian/1.5.1-3+squeeze2 has been created
at 68ba2cd7aa3142ad756094044e1f599c29572ea6 (tag)
tagging 570de2f65d23d88c60c63e97dde6ff09f68c93f2 (commit)
replaces debian/1.5.1-3+squeeze1
tagged by Russ Allbery
on Mon Jun 17 22:36:22 2013 -0700
- Shortlog ------------------------------------------------------------
Debian release 1.5.1-3+squeeze2
Format: 1.8
Date: Mon, 17 Jun 2013 22:32:25 -0700
Source: xml-security-c
Binary: libxml-security-c15 libxml-security-c-dev
Architecture: source i386
Version: 1.5.1-3+squeeze2
Distribution: oldstable-security
Urgency: high
Maintainer: Debian Shib Team <pkg-shibboleth-devel at lists.alioth.debian.org>
Changed-By: Russ Allbery <rra at debian.org>
Description:
libxml-security-c-dev - C++ library for XML Digital Signatures (development)
libxml-security-c15 - C++ library for XML Digital Signatures (runtime)
Changes:
xml-security-c (1.5.1-3+squeeze2) oldstable-security; urgency=high
.
* Apply upstream patch to fix a spoofing vulnerability that allows an
attacker to reuse existing signatures with arbitrary content.
(CVE-2013-2153)
* Apply upstream patch to fix a stack overflow in the processing of
malformed XPointer expressions in the XML Signature Reference
processing code. (CVE-2013-2154)
* Apply upstream patch to fix processing of the output length of an
HMAC-based XML Signature that could cause a denial of service when
processing specially chosen input. (CVE-2013-2155)
* Apply upstream patch to fix a heap overflow in the processing of the
PrefixList attribute optionally used in conjunction with Exclusive
Canonicalization, potentially allowing arbitrary code execution.
(CVE-2013-2156)
Checksums-Sha1:
3ce5cbbc8f4b7a7b4dc35b7f31fb2a0177579f4f 1130 xml-security-c_1.5.1-3+squeeze2.dsc
448c817fd7f23a7af95d8140c3acb873c4742ccd 11409 xml-security-c_1.5.1-3+squeeze2.diff.gz
56f6a0843ed407e7f1251fea0ffe55467531f767 353826 libxml-security-c15_1.5.1-3+squeeze2_i386.deb
440a28a29bbed621517031025dfb6fc2d8deeb7c 141818 libxml-security-c-dev_1.5.1-3+squeeze2_i386.deb
Checksums-Sha256:
b93c0c02cd99f460e631452116319c693b3f6f10a5987a1b8d1f17d943c879af 1130 xml-security-c_1.5.1-3+squeeze2.dsc
84a63e5ab73d1bb411ac13c37378321fa75aa99b6702293fffbee178bbd4865b 11409 xml-security-c_1.5.1-3+squeeze2.diff.gz
a7f27e86e2699926ce4e77801190725939f2769b53e585f29167acfa361e6b88 353826 libxml-security-c15_1.5.1-3+squeeze2_i386.deb
9c245f62b344db23bf222dfe99ce82a42bc820ed72d0e054033919c5d4af8efb 141818 libxml-security-c-dev_1.5.1-3+squeeze2_i386.deb
Files:
62e66f9ee91a9eace826cf2805d20fc7 1130 libs extra xml-security-c_1.5.1-3+squeeze2.dsc
b89ef9b4f5e5b7fbf3cc47d7d313fe99 11409 libs extra xml-security-c_1.5.1-3+squeeze2.diff.gz
f2810505d4c302e9d3773ba57ad6bf76 353826 libs extra libxml-security-c15_1.5.1-3+squeeze2_i386.deb
433a487e2e0c68589971bc1f4b9b6d43 141818 libdevel extra libxml-security-c-dev_1.5.1-3+squeeze2_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQEcBAABCAAGBQJRv/HyAAoJEH2AMVxXNt5188cIAKFBsjRJD4ilrmIcKsm80an1
Tp5wqdh16/jGzXRgxmY9r5VzEVn5/IA2YOBMf38wrd4oQ2/6tF6MgqjDIuuqiGl6
ljhF26gET60WntrdYmnet0ub4E1JDTC9vjE3EQOaiJV2GfCF583qNDiJmsTRU2Mv
ZpUdgyhRpMGgVjdFISsAhEhYikaRybaHBHVe4XaKpdV4gFvks5KEs6NHBZk970Lz
SVeS9esQ5ie1ALE4fLe9nrAbZukWok4o0wGwITNrSKmoIXobLrhyIBz2GJpNX7Ag
Nwbq5nwG/ZWfgo3fM/fKql9kpm91oP/hkJYKYQTjSUCWIDInpRFzM1zcJhBlb54=
=THGU
-----END PGP SIGNATURE-----
Russ Allbery (2):
Apply upstream security patches
Fix typo in changelog
-----------------------------------------------------------------------
--
Debian packaging for XML-Security-C
More information about the Pkg-shibboleth-devel
mailing list