Bug#922984: xml-security-c: ECDSA XML signature generation segmentation fault

wferi at niif.hu wferi at niif.hu
Sun Feb 24 13:17:03 GMT 2019

Alejandro Claro <alejandro.claro at smartmatic.com> writes:

> We found a bug in Apache Santuario C, related to ECDSA signature
> generation, a few years ago. We provided the fix to the Apache team, and
> Scott Cantor kindly accepted the fix in the project. However, the fix
> was introduced in series 2.x of the library.

Dear Alejandro,

I can propose your fix for the next stable update, but I don't know when
that will be released.  On the other hand, if this buffer overflow leads
to an exploitable vulnerability, the Security Team could fast-track the
fix.  Have you got such a scenario?

