xml-security-c_1.6.1-6_i386.changes ACCEPTED into unstable

Debian FTP Masters ftpmaster at ftp-master.debian.org
Tue Jun 18 05:48:08 UTC 2013 


Accepted:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 17 Jun 2013 22:25:32 -0700
Source: xml-security-c
Binary: libxml-security-c16 libxml-security-c-dev
Architecture: source i386
Version: 1.6.1-6
Distribution: unstable
Urgency: high
Maintainer: Debian Shib Team <pkg-shibboleth-devel at lists.alioth.debian.org>
Changed-By: Russ Allbery <rra at debian.org>
Description: 
 libxml-security-c-dev - C++ library for XML Digital Signatures (development)
 libxml-security-c16 - C++ library for XML Digital Signatures (runtime)
Changes: 
 xml-security-c (1.6.1-6) unstable; urgency=high
 .
   * Apply upstream patch to fix a spoofing vulnerability that allows an
     attacker to reuse existing signatures with arbitrary content.
     (CVE-2013-2153)
   * Apply upstream patch to fix a stack overflow in the processing of
     malformed XPointer expressions in the XML Signature Reference
     processing code.  (CVE-2013-2154)
   * Apply upstream patch to fix processing of the output length of an
     HMAC-based XML Signature that could cause a denial of service when
     processing specially chosen input.  (CVE-2013-2155)
   * Apply upstream patch to fix a heap overflow in the processing of the
     PrefixList attribute optionally used in conjunction with Exclusive
     Canonicalization, potentially allowing arbitrary code execution.
     (CVE-2013-2156)
Checksums-Sha1: 
 45ba1595af8e204374ee77fd7b56914c8f1c5059 1785 xml-security-c_1.6.1-6.dsc
 461ca76f00d5bc93bf4f8b4b1b2f610e2a538559 11710 xml-security-c_1.6.1-6.debian.tar.gz
 8cb9168d96ee39c928f8e8b299e4c0e23b8ff703 369536 libxml-security-c16_1.6.1-6_i386.deb
 f5c6826e8726831f1e21a0fa2bc244c11a37e0ba 151214 libxml-security-c-dev_1.6.1-6_i386.deb
Checksums-Sha256: 
 9550bfa8eb7d9af144c88e02afb30afd057ba6d9edcbe43db5ece49e6cc353e1 1785 xml-security-c_1.6.1-6.dsc
 da3a4a694679319645aaf8a68cd95d0958b0fdf9b226655048a5be77faac5330 11710 xml-security-c_1.6.1-6.debian.tar.gz
 a6d85dcf7c716ce53a9a3e3d15868455c9e97a8d7d7e55ff01fe51aa4c569d7d 369536 libxml-security-c16_1.6.1-6_i386.deb
 de89b954941647b8cd1cf31366b87306391a431d514173b8bcf6dcfa5a770d34 151214 libxml-security-c-dev_1.6.1-6_i386.deb
Files: 
 914b262f3607b20c018edef6b372ac17 1785 libs extra xml-security-c_1.6.1-6.dsc
 ef0a096023f4fd1509a522d53dd39ffb 11710 libs extra xml-security-c_1.6.1-6.debian.tar.gz
 e582ebb337b3162556b8accea649bc72 369536 libs extra libxml-security-c16_1.6.1-6_i386.deb
 858ea72ce94a2d4bab88dd2eec1481ac 151214 libdevel extra libxml-security-c-dev_1.6.1-6_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAEBCAAGBQJRv/OpAAoJEH2AMVxXNt51hnsH/ipPq2Gsw8YorIf3w8+1Xl4Q
pgL6QtBKyjqui962qqVWm8b5sBrhLKNADW5OJbT+BqurbFHmqGsjHwtZdveFcDU4
MPF1b+mPpHD6Akgy6e9yOvrFTlcO7RMghdvxO9klsHMzCTC2mB2kecgTvVZDo4HH
2FpDCop/lAlkSmfJ6GDdqOK/UMFUC7SU3+1RrJQVJnTi1+VjwQ+F4ib1GytQzCKt
xbfumNE1mG8QJtv5WG51aeiKeHVn/ciBCAppH7/1kOeM5PHbCqaxPXk1RuJKVJhB
qWjnwS250skVNpr7wk/QjN+j8TGKPSQFA54OR+FdhXDFB8guhUkbTWx1/WhGd/k=
=5r2m
-----END PGP SIGNATURE-----


Thank you for your contribution to Debian.

More information about the Pkg-shibboleth-devel mailing list