[SCM] Debian packaging for XML-Security-C branch, squeeze-backports, updated. debian/1.6.1-5+deb7u1_bpo60+1-1-gd82db95

Russ Allbery rra at debian.org
Sat Jun 29 21:04:51 UTC 2013 

The following commit has been merged in the squeeze-backports branch:
commit d82db95a3446a89a9640948664e725f686332ec9
Author: Russ Allbery <rra at debian.org>
Date:   Thu Jun 27 13:54:30 2013 -0700

    Apply upstream patch for heap overflow (CVE-2013-2210)
    
    * The attempted fix to address CVE-2013-2154 introduced the possibility
      of a heap overflow, possibly leading to arbitrary code execution, in
      the processing of malformed XPointer expressions in the XML Signature
      Reference processing code.  Apply upstream patch to fix that heap
      overflow.  (Closes: #714241, CVE-2013-2210)

diff --git a/debian/changelog b/debian/changelog
index c5cd705..6f12294 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,4 +1,4 @@
-xml-security-c (1.6.1-5+deb7u1~bpo60+1) squeeze-backports; urgency=high
+xml-security-c (1.6.1-5+deb7u2~bpo60+1) squeeze-backports; urgency=high
 
   * Backport to oldstable.
   * Revert the change to use multiarch and force a non-multiarch libdir.
@@ -6,6 +6,16 @@ xml-security-c (1.6.1-5+deb7u1~bpo60+1) squeeze-backports; urgency=high
 
  -- Russ Allbery <rra at debian.org>  Tue, 18 Jun 2013 10:39:10 -0700
 
+xml-security-c (1.6.1-5+deb7u2) stable-security; urgency=high
+
+  * The attempted fix to address CVE-2013-2154 introduced the possibility
+    of a heap overflow, possibly leading to arbitrary code execution, in
+    the processing of malformed XPointer expressions in the XML Signature
+    Reference processing code.  Apply upstream patch to fix that heap
+    overflow.  (Closes: #714241, CVE-2013-2210)
+
+ -- Russ Allbery <rra at debian.org>  Thu, 27 Jun 2013 13:54:03 -0700
+
 xml-security-c (1.6.1-5+deb7u1) stable-security; urgency=high
 
   * Apply upstream patch to fix a spoofing vulnerability that allows an
diff --git a/xsec/dsig/DSIGReference.cpp b/xsec/dsig/DSIGReference.cpp
index 36c9d39..19c1a20 100644
--- a/xsec/dsig/DSIGReference.cpp
+++ b/xsec/dsig/DSIGReference.cpp
@@ -529,10 +529,15 @@ TXFMBase * DSIGReference::getURIBaseTXFM(DOMDocument * doc,
 			xsecsize_t j = 14, i = 0;
 
 			// Have an ID
-			while (URI[j] != '\'') {
+			while (i < len && URI[j] != '\'') {
 				tmp[i++] = URI[j++];
 			}
+
 			tmp[i] = XERCES_CPP_NAMESPACE_QUALIFIER chNull;
+			
+			if (URI[j] != '\'') {
+				throw XSECException(XSECException::UnsupportedXpointerExpr);	
+			}
 
 			to->setInput(doc, tmp);
 

-- 
Debian packaging for XML-Security-C

More information about the Pkg-shibboleth-devel mailing list