Back to xml-security-c PTS page

Accepted xml-security-c 1.6.1-5+deb7u1 (source i386)

To: debian-changes@lists.debian.org
Subject: Accepted xml-security-c 1.6.1-5+deb7u1 (source i386)
From: Russ Allbery <rra@debian.org>
Date: Thu, 20 Jun 2013 22:17:05 +0000
Mail-followup-to: debian-devel@lists.debian.org
Message-id: <E1UpnA9-0004aT-DN@franck.debian.org>
Reply-to: debian-devel@lists.debian.org
Sender: Archive Administrator <dak@franck.debian.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 17 Jun 2013 22:25:32 -0700
Source: xml-security-c
Binary: libxml-security-c16 libxml-security-c-dev
Architecture: source i386
Version: 1.6.1-5+deb7u1
Distribution: stable-security
Urgency: high
Maintainer: Debian Shib Team <pkg-shibboleth-devel@lists.alioth.debian.org>
Changed-By: Russ Allbery <rra@debian.org>
Description: 
 libxml-security-c-dev - C++ library for XML Digital Signatures (development)
 libxml-security-c16 - C++ library for XML Digital Signatures (runtime)
Changes: 
 xml-security-c (1.6.1-5+deb7u1) stable-security; urgency=high
 .
   * Apply upstream patch to fix a spoofing vulnerability that allows an
     attacker to reuse existing signatures with arbitrary content.
     (CVE-2013-2153)
   * Apply upstream patch to fix a stack overflow in the processing of
     malformed XPointer expressions in the XML Signature Reference
     processing code.  (CVE-2013-2154)
   * Apply upstream patch to fix processing of the output length of an
     HMAC-based XML Signature that could cause a denial of service when
     processing specially chosen input.  (CVE-2013-2155)
   * Apply upstream patch to fix a heap overflow in the processing of the
     PrefixList attribute optionally used in conjunction with Exclusive
     Canonicalization, potentially allowing arbitrary code execution.
     (CVE-2013-2156)
Checksums-Sha1: 
 672c4fe4d84e7a242039fce066dd0e48270db1b8 1813 xml-security-c_1.6.1-5+deb7u1.dsc
 239304659752eb214f3516b6c457c99f0e6467c7 864366 xml-security-c_1.6.1.orig.tar.gz
 e02663825c4d0a2fe7eec4213debf7ec4f394054 11874 xml-security-c_1.6.1-5+deb7u1.debian.tar.gz
 58d74341079e57ef9f70e54c6507c1205716855c 375248 libxml-security-c16_1.6.1-5+deb7u1_i386.deb
 50b76eba534719931db9a90ca71c70964b562cd9 151234 libxml-security-c-dev_1.6.1-5+deb7u1_i386.deb
Checksums-Sha256: 
 30c8e9b3c4080a46128eaa1f180ffb923205c2be7787909a17d78a82b5cd9484 1813 xml-security-c_1.6.1-5+deb7u1.dsc
 73931a55d6925a82416ea48f8d6f1b8ed591368e1dfc30574fe43904b7c62fcd 864366 xml-security-c_1.6.1.orig.tar.gz
 92d65c29ca6c41c79261ded82d2678efb79981aff2e138f41643acb0bb475639 11874 xml-security-c_1.6.1-5+deb7u1.debian.tar.gz
 d094000713051e96172328fad12d450e3c994240b63032e92101e4c6b0e52f32 375248 libxml-security-c16_1.6.1-5+deb7u1_i386.deb
 0014888e3a485f34986aeae43832a9a1c97b85f0bdff4fd8d14d1ca28c4a2127 151234 libxml-security-c-dev_1.6.1-5+deb7u1_i386.deb
Files: 
 774319332f2f8881d79d18d99a407c84 1813 libs extra xml-security-c_1.6.1-5+deb7u1.dsc
 808316c80a7453b6d50a0bceb7ebe9bc 864366 libs extra xml-security-c_1.6.1.orig.tar.gz
 1395788da13ab0999ebdd2dfab74e73a 11874 libs extra xml-security-c_1.6.1-5+deb7u1.debian.tar.gz
 e7678e819e9f964c703e9961bc595f23 375248 libs extra libxml-security-c16_1.6.1-5+deb7u1_i386.deb
 eb14d6a5a5c59d0f111f5533c49118a5 151234 libdevel extra libxml-security-c-dev_1.6.1-5+deb7u1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAEBCAAGBQJRv/CfAAoJEH2AMVxXNt51dIUH/20gzEXtzDU8F4zBjX53D7Rz
3m9BTjIfs4f0KldFSnj6JKSS3zxbTHWJy+8rHyjNq6xaw6pFEFeSRisxoI+JZTHp
VNmKSFYG10hMauPtXHp0lEVsAYyxiRe55JdMv8VHXy1Q+wJf209ydwO0aKbabOti
IVtGuAV87Vtauq+hluDGYMEU2iFWvC0F+StPyJS1StyqoCKBPN97ZvgdzHPQeTYh
dDOEHoCjmXRW1iEyhXHd/gBI0Jb9jmjPKVdSOSy+4xBDZP3D6qGIDaXxMSvvPHmL
FMvb2GCkCWkSX/GoHGg4usQThkxtHlU7KqSuZnT8jclZR+o9qGzlsKquEYCFHiA=
=BSqf
-----END PGP SIGNATURE-----