Bug#922984: xml-security-c: ECDSA XML signature generation segmentation fault
wferi at niif.hu
wferi at niif.hu
Sun Feb 24 13:17:03 GMT 2019
Alejandro Claro <alejandro.claro at smartmatic.com> writes:
> We found a bug in Apache Santuario C, related to ECDSA signature
> generation, few years ego. We provide the fix to the Apache team, and
> Scott Cantor kindly accepted the fix in the project. How ever the fix
> was introduced in series 2.x of the the library.
Dear Alejandro,
I can propose your fix for the next stable update, but I don't know when
that will be released. On the other hand, if this buffer overflow leads
to an exploitable vulnerability, the Security Team could fast-track the
fix. Have you got such a scenario?
--
Thanks,
Feri
More information about the Pkg-shibboleth-devel
mailing list