Bug#714241: xml-security-c: CVE-2013-2210
Salvatore Bonaccorso
carnil at debian.org
Thu Jun 27 07:01:26 UTC 2013
Package: xml-security-c
Severity: grave
Tags: security patch
Justification: user security hole
Hi Russ,
the following vulnerability was published for xml-security-c. It looks
the fix for CVE-2013-2154 introduced the possibility of a heap overflow.
CVE-2013-2210[0]:
heap overflow during XPointer evaluation
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2210
http://security-tracker.debian.org/tracker/CVE-2013-2210
[1] http://santuario.apache.org/secadv.data/CVE-2013-2210.txt
[2] http://svn.apache.org/viewvc?view=revision&revision=r1496703
Could you double check this, and prepare packages for squeeze and
wheezy too?
Regards,
Salvatore
More information about the Pkg-shibboleth-devel
mailing list