[SCM] Debian packaging for XML-Security-C annotated tag, debian/1.6.1-5+deb7u1, created. debian/1.6.1-5+deb7u1

Russ Allbery rra at debian.org
Tue Jun 18 05:44:51 UTC 2013


The annotated tag, debian/1.6.1-5+deb7u1 has been created
        at  06e25d58223fa2604dfb0b4a926c8bea19a57573 (tag)
   tagging  9577046aea8cb49e2e7b9d32ad78c97b2640fb81 (commit)
  replaces  debian/1.6.1-5
 tagged by  Russ Allbery
        on  Mon Jun 17 22:30:31 2013 -0700

- Shortlog ------------------------------------------------------------
Debian release 1.6.1-5+deb7u1

Format: 1.8
Date: Mon, 17 Jun 2013 22:25:32 -0700
Source: xml-security-c
Binary: libxml-security-c16 libxml-security-c-dev
Architecture: source i386
Version: 1.6.1-5+deb7u1
Distribution: stable-security
Urgency: high
Maintainer: Debian Shib Team <pkg-shibboleth-devel at lists.alioth.debian.org>
Changed-By: Russ Allbery <rra at debian.org>
Description:
 libxml-security-c-dev - C++ library for XML Digital Signatures (development)
 libxml-security-c16 - C++ library for XML Digital Signatures (runtime)
Changes:
 xml-security-c (1.6.1-5+deb7u1) stable-security; urgency=high
 .
   * Apply upstream patch to fix a spoofing vulnerability that allows an
     attacker to reuse existing signatures with arbitrary content.
     (CVE-2013-2153)
   * Apply upstream patch to fix a stack overflow in the processing of
     malformed XPointer expressions in the XML Signature Reference
     processing code.  (CVE-2013-2154)
   * Apply upstream patch to fix processing of the output length of an
     HMAC-based XML Signature that could cause a denial of service when
     processing specially chosen input.  (CVE-2013-2155)
   * Apply upstream patch to fix a heap overflow in the processing of the
     PrefixList attribute optionally used in conjunction with Exclusive
     Canonicalization, potentially allowing arbitrary code execution.
     (CVE-2013-2156)
Checksums-Sha1:
 fc28ad2fad0f51aae7b444d34d926e336e638b23 1273 xml-security-c_1.6.1-5+deb7u1.dsc
 239304659752eb214f3516b6c457c99f0e6467c7 864366 xml-security-c_1.6.1.orig.tar.gz
 e02663825c4d0a2fe7eec4213debf7ec4f394054 11874 xml-security-c_1.6.1-5+deb7u1.debian.tar.gz
 58d74341079e57ef9f70e54c6507c1205716855c 375248 libxml-security-c16_1.6.1-5+deb7u1_i386.deb
 50b76eba534719931db9a90ca71c70964b562cd9 151234 libxml-security-c-dev_1.6.1-5+deb7u1_i386.deb
Checksums-Sha256:
 b361cea1856f162fcf9e598c3f1d84a57fadf7bc5082e0e67b7e0392554dacd2 1273 xml-security-c_1.6.1-5+deb7u1.dsc
 73931a55d6925a82416ea48f8d6f1b8ed591368e1dfc30574fe43904b7c62fcd 864366 xml-security-c_1.6.1.orig.tar.gz
 92d65c29ca6c41c79261ded82d2678efb79981aff2e138f41643acb0bb475639 11874 xml-security-c_1.6.1-5+deb7u1.debian.tar.gz
 d094000713051e96172328fad12d450e3c994240b63032e92101e4c6b0e52f32 375248 libxml-security-c16_1.6.1-5+deb7u1_i386.deb
 0014888e3a485f34986aeae43832a9a1c97b85f0bdff4fd8d14d1ca28c4a2127 151234 libxml-security-c-dev_1.6.1-5+deb7u1_i386.deb
Files:
 2370aa261cebd861d08f4ad96fd6a3b1 1273 libs extra xml-security-c_1.6.1-5+deb7u1.dsc
 808316c80a7453b6d50a0bceb7ebe9bc 864366 libs extra xml-security-c_1.6.1.orig.tar.gz
 1395788da13ab0999ebdd2dfab74e73a 11874 libs extra xml-security-c_1.6.1-5+deb7u1.debian.tar.gz
 e7678e819e9f964c703e9961bc595f23 375248 libs extra libxml-security-c16_1.6.1-5+deb7u1_i386.deb
 eb14d6a5a5c59d0f111f5533c49118a5 151234 libdevel extra libxml-security-c-dev_1.6.1-5+deb7u1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAABCAAGBQJRv/CFAAoJEH2AMVxXNt51ZLMH/1rdxhBI3QrXdlC4CMOUOLcG
fvc4bjR/4gqG+amyaZDVZkDccpSoVuqgAP7Z9jzZ9YnahJ3ocSxqHpY0I0p0xFik
tmmaJR4Nb4gt8/0cS5b1gKYaKRkSsZaeBWQIqjo5n9R9ntM59Bc3kniIP6xfKk78
/1s0D7tDghZu7daqe9yH9daEyg8rTxfyd+sXOh+35zT1JwDDr9XnqUy+dbyRoWIC
TpA2+HRW+2eOVGZ+dDGEubk7bzhAsfy7okoGIMOe4TqE0ipLY44+V5h9llt57wCq
87HVEUZpeUKFVhMUq+cSvMDys30rCOvyiEfeRJITcJhI6btO+uzyt9KglbUnkrU=
=y4on
-----END PGP SIGNATURE-----

Russ Allbery (2):
      Apply upstream security patches
      Fix typo in changelog

-----------------------------------------------------------------------

-- 
Debian packaging for XML-Security-C



More information about the Pkg-shibboleth-devel mailing list