Bug#913136: xml-security-c: DSA verification crashes OpenSSL on invalid combinations of key content
Ferenc Wágner
wferi at debian.org
Wed Nov 7 11:50:51 GMT 2018
Source: xml-security-c
Version: 1.2.1-3
Severity: important
Tags: patch upstream security
Forwarded: https://issues.apache.org/jira/browse/SANTUARIO-496
Control: fixed 2.0.2-1
Particular KeyInfo combinations result in incomplete DSA key structures
that OpenSSL can't handle without crashing.
Very similar to #905332.
More information about the Pkg-shibboleth-devel
mailing list