[SCM] Debian packaging for XML-Security-C annotated tag, debian/1.5.1-3+squeeze2, created. debian/1.5.1-3+squeeze2

Russ Allbery rra at debian.org
Tue Jun 18 05:44:51 UTC 2013 

The annotated tag, debian/1.5.1-3+squeeze2 has been created
        at  68ba2cd7aa3142ad756094044e1f599c29572ea6 (tag)
   tagging  570de2f65d23d88c60c63e97dde6ff09f68c93f2 (commit)
  replaces  debian/1.5.1-3+squeeze1
 tagged by  Russ Allbery
        on  Mon Jun 17 22:36:22 2013 -0700

- Shortlog ------------------------------------------------------------
Debian release 1.5.1-3+squeeze2

Format: 1.8
Date: Mon, 17 Jun 2013 22:32:25 -0700
Source: xml-security-c
Binary: libxml-security-c15 libxml-security-c-dev
Architecture: source i386
Version: 1.5.1-3+squeeze2
Distribution: oldstable-security
Urgency: high
Maintainer: Debian Shib Team <pkg-shibboleth-devel at lists.alioth.debian.org>
Changed-By: Russ Allbery <rra at debian.org>
Description:
 libxml-security-c-dev - C++ library for XML Digital Signatures (development)
 libxml-security-c15 - C++ library for XML Digital Signatures (runtime)
Changes:
 xml-security-c (1.5.1-3+squeeze2) oldstable-security; urgency=high
 .
   * Apply upstream patch to fix a spoofing vulnerability that allows an
     attacker to reuse existing signatures with arbitrary content.
     (CVE-2013-2153)
   * Apply upstream patch to fix a stack overflow in the processing of
     malformed XPointer expressions in the XML Signature Reference
     processing code.  (CVE-2013-2154)
   * Apply upstream patch to fix processing of the output length of an
     HMAC-based XML Signature that could cause a denial of service when
     processing specially chosen input.  (CVE-2013-2155)
   * Apply upstream patch to fix a heap overflow in the processing of the
     PrefixList attribute optionally used in conjunction with Exclusive
     Canonicalization, potentially allowing arbitrary code execution.
     (CVE-2013-2156)
Checksums-Sha1:
 3ce5cbbc8f4b7a7b4dc35b7f31fb2a0177579f4f 1130 xml-security-c_1.5.1-3+squeeze2.dsc
 448c817fd7f23a7af95d8140c3acb873c4742ccd 11409 xml-security-c_1.5.1-3+squeeze2.diff.gz
 56f6a0843ed407e7f1251fea0ffe55467531f767 353826 libxml-security-c15_1.5.1-3+squeeze2_i386.deb
 440a28a29bbed621517031025dfb6fc2d8deeb7c 141818 libxml-security-c-dev_1.5.1-3+squeeze2_i386.deb
Checksums-Sha256:
 b93c0c02cd99f460e631452116319c693b3f6f10a5987a1b8d1f17d943c879af 1130 xml-security-c_1.5.1-3+squeeze2.dsc
 84a63e5ab73d1bb411ac13c37378321fa75aa99b6702293fffbee178bbd4865b 11409 xml-security-c_1.5.1-3+squeeze2.diff.gz
 a7f27e86e2699926ce4e77801190725939f2769b53e585f29167acfa361e6b88 353826 libxml-security-c15_1.5.1-3+squeeze2_i386.deb
 9c245f62b344db23bf222dfe99ce82a42bc820ed72d0e054033919c5d4af8efb 141818 libxml-security-c-dev_1.5.1-3+squeeze2_i386.deb
Files:
 62e66f9ee91a9eace826cf2805d20fc7 1130 libs extra xml-security-c_1.5.1-3+squeeze2.dsc
 b89ef9b4f5e5b7fbf3cc47d7d313fe99 11409 libs extra xml-security-c_1.5.1-3+squeeze2.diff.gz
 f2810505d4c302e9d3773ba57ad6bf76 353826 libs extra libxml-security-c15_1.5.1-3+squeeze2_i386.deb
 433a487e2e0c68589971bc1f4b9b6d43 141818 libdevel extra libxml-security-c-dev_1.5.1-3+squeeze2_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAABCAAGBQJRv/HyAAoJEH2AMVxXNt5188cIAKFBsjRJD4ilrmIcKsm80an1
Tp5wqdh16/jGzXRgxmY9r5VzEVn5/IA2YOBMf38wrd4oQ2/6tF6MgqjDIuuqiGl6
ljhF26gET60WntrdYmnet0ub4E1JDTC9vjE3EQOaiJV2GfCF583qNDiJmsTRU2Mv
ZpUdgyhRpMGgVjdFISsAhEhYikaRybaHBHVe4XaKpdV4gFvks5KEs6NHBZk970Lz
SVeS9esQ5ie1ALE4fLe9nrAbZukWok4o0wGwITNrSKmoIXobLrhyIBz2GJpNX7Ag
Nwbq5nwG/ZWfgo3fM/fKql9kpm91oP/hkJYKYQTjSUCWIDInpRFzM1zcJhBlb54=
=THGU
-----END PGP SIGNATURE-----

Russ Allbery (2):
      Apply upstream security patches
      Fix typo in changelog

-----------------------------------------------------------------------

-- 
Debian packaging for XML-Security-C

More information about the Pkg-shibboleth-devel mailing list