[SCM] Debian packaging for XML-Security-C annotated tag, debian/1.6.1-5+deb7u1, created. debian/1.6.1-5+deb7u1
Russ Allbery
rra at debian.org
Tue Jun 18 05:44:51 UTC 2013
The annotated tag, debian/1.6.1-5+deb7u1 has been created
at 06e25d58223fa2604dfb0b4a926c8bea19a57573 (tag)
tagging 9577046aea8cb49e2e7b9d32ad78c97b2640fb81 (commit)
replaces debian/1.6.1-5
tagged by Russ Allbery
on Mon Jun 17 22:30:31 2013 -0700
- Shortlog ------------------------------------------------------------
Debian release 1.6.1-5+deb7u1
Format: 1.8
Date: Mon, 17 Jun 2013 22:25:32 -0700
Source: xml-security-c
Binary: libxml-security-c16 libxml-security-c-dev
Architecture: source i386
Version: 1.6.1-5+deb7u1
Distribution: stable-security
Urgency: high
Maintainer: Debian Shib Team <pkg-shibboleth-devel at lists.alioth.debian.org>
Changed-By: Russ Allbery <rra at debian.org>
Description:
libxml-security-c-dev - C++ library for XML Digital Signatures (development)
libxml-security-c16 - C++ library for XML Digital Signatures (runtime)
Changes:
xml-security-c (1.6.1-5+deb7u1) stable-security; urgency=high
.
* Apply upstream patch to fix a spoofing vulnerability that allows an
attacker to reuse existing signatures with arbitrary content.
(CVE-2013-2153)
* Apply upstream patch to fix a stack overflow in the processing of
malformed XPointer expressions in the XML Signature Reference
processing code. (CVE-2013-2154)
* Apply upstream patch to fix processing of the output length of an
HMAC-based XML Signature that could cause a denial of service when
processing specially chosen input. (CVE-2013-2155)
* Apply upstream patch to fix a heap overflow in the processing of the
PrefixList attribute optionally used in conjunction with Exclusive
Canonicalization, potentially allowing arbitrary code execution.
(CVE-2013-2156)
Checksums-Sha1:
fc28ad2fad0f51aae7b444d34d926e336e638b23 1273 xml-security-c_1.6.1-5+deb7u1.dsc
239304659752eb214f3516b6c457c99f0e6467c7 864366 xml-security-c_1.6.1.orig.tar.gz
e02663825c4d0a2fe7eec4213debf7ec4f394054 11874 xml-security-c_1.6.1-5+deb7u1.debian.tar.gz
58d74341079e57ef9f70e54c6507c1205716855c 375248 libxml-security-c16_1.6.1-5+deb7u1_i386.deb
50b76eba534719931db9a90ca71c70964b562cd9 151234 libxml-security-c-dev_1.6.1-5+deb7u1_i386.deb
Checksums-Sha256:
b361cea1856f162fcf9e598c3f1d84a57fadf7bc5082e0e67b7e0392554dacd2 1273 xml-security-c_1.6.1-5+deb7u1.dsc
73931a55d6925a82416ea48f8d6f1b8ed591368e1dfc30574fe43904b7c62fcd 864366 xml-security-c_1.6.1.orig.tar.gz
92d65c29ca6c41c79261ded82d2678efb79981aff2e138f41643acb0bb475639 11874 xml-security-c_1.6.1-5+deb7u1.debian.tar.gz
d094000713051e96172328fad12d450e3c994240b63032e92101e4c6b0e52f32 375248 libxml-security-c16_1.6.1-5+deb7u1_i386.deb
0014888e3a485f34986aeae43832a9a1c97b85f0bdff4fd8d14d1ca28c4a2127 151234 libxml-security-c-dev_1.6.1-5+deb7u1_i386.deb
Files:
2370aa261cebd861d08f4ad96fd6a3b1 1273 libs extra xml-security-c_1.6.1-5+deb7u1.dsc
808316c80a7453b6d50a0bceb7ebe9bc 864366 libs extra xml-security-c_1.6.1.orig.tar.gz
1395788da13ab0999ebdd2dfab74e73a 11874 libs extra xml-security-c_1.6.1-5+deb7u1.debian.tar.gz
e7678e819e9f964c703e9961bc595f23 375248 libs extra libxml-security-c16_1.6.1-5+deb7u1_i386.deb
eb14d6a5a5c59d0f111f5533c49118a5 151234 libdevel extra libxml-security-c-dev_1.6.1-5+deb7u1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQEcBAABCAAGBQJRv/CFAAoJEH2AMVxXNt51ZLMH/1rdxhBI3QrXdlC4CMOUOLcG
fvc4bjR/4gqG+amyaZDVZkDccpSoVuqgAP7Z9jzZ9YnahJ3ocSxqHpY0I0p0xFik
tmmaJR4Nb4gt8/0cS5b1gKYaKRkSsZaeBWQIqjo5n9R9ntM59Bc3kniIP6xfKk78
/1s0D7tDghZu7daqe9yH9daEyg8rTxfyd+sXOh+35zT1JwDDr9XnqUy+dbyRoWIC
TpA2+HRW+2eOVGZ+dDGEubk7bzhAsfy7okoGIMOe4TqE0ipLY44+V5h9llt57wCq
87HVEUZpeUKFVhMUq+cSvMDys30rCOvyiEfeRJITcJhI6btO+uzyt9KglbUnkrU=
=y4on
-----END PGP SIGNATURE-----
Russ Allbery (2):
Apply upstream security patches
Fix typo in changelog
-----------------------------------------------------------------------
--
Debian packaging for XML-Security-C
More information about the Pkg-shibboleth-devel
mailing list