Bug#913136: xml-security-c: DSA verification crashes OpenSSL on invalid combinations of key content

Ferenc Wágner wferi at debian.org
Wed Nov 7 11:50:51 GMT 2018

Source: xml-security-c
Version: 1.2.1-3
Severity: important
Tags: patch upstream security
Forwarded: https://issues.apache.org/jira/browse/SANTUARIO-496
Control: fixed 2.0.2-1

Particular KeyInfo combinations result in incomplete DSA key structures
that OpenSSL can't handle without crashing.

Very similar to #905332.
