Back to xml-security-c PTS page

Accepted xml-security-c 1.5.1-3+squeeze2 (source i386)

To: debian-changes@lists.debian.org
Subject: Accepted xml-security-c 1.5.1-3+squeeze2 (source i386)
From: Russ Allbery <rra@debian.org>
Date: Thu, 20 Jun 2013 22:18:34 +0000
Mail-followup-to: debian-devel@lists.debian.org
Message-id: <E1UpnBa-0004sV-JN@franck.debian.org>
Reply-to: debian-devel@lists.debian.org
Sender: Archive Administrator <dak@franck.debian.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 17 Jun 2013 22:32:25 -0700
Source: xml-security-c
Binary: libxml-security-c15 libxml-security-c-dev
Architecture: source i386
Version: 1.5.1-3+squeeze2
Distribution: oldstable-security
Urgency: high
Maintainer: Debian Shib Team <pkg-shibboleth-devel@lists.alioth.debian.org>
Changed-By: Russ Allbery <rra@debian.org>
Description: 
 libxml-security-c-dev - C++ library for XML Digital Signatures (development)
 libxml-security-c15 - C++ library for XML Digital Signatures (runtime)
Changes: 
 xml-security-c (1.5.1-3+squeeze2) oldstable-security; urgency=high
 .
   * Apply upstream patch to fix a spoofing vulnerability that allows an
     attacker to reuse existing signatures with arbitrary content.
     (CVE-2013-2153)
   * Apply upstream patch to fix a stack overflow in the processing of
     malformed XPointer expressions in the XML Signature Reference
     processing code.  (CVE-2013-2154)
   * Apply upstream patch to fix processing of the output length of an
     HMAC-based XML Signature that could cause a denial of service when
     processing specially chosen input.  (CVE-2013-2155)
   * Apply upstream patch to fix a heap overflow in the processing of the
     PrefixList attribute optionally used in conjunction with Exclusive
     Canonicalization, potentially allowing arbitrary code execution.
     (CVE-2013-2156)
Checksums-Sha1: 
 67c5be50327dc2e9116c9c769dee0e9eb9aeffc5 1670 xml-security-c_1.5.1-3+squeeze2.dsc
 448c817fd7f23a7af95d8140c3acb873c4742ccd 11409 xml-security-c_1.5.1-3+squeeze2.diff.gz
 56f6a0843ed407e7f1251fea0ffe55467531f767 353826 libxml-security-c15_1.5.1-3+squeeze2_i386.deb
 440a28a29bbed621517031025dfb6fc2d8deeb7c 141818 libxml-security-c-dev_1.5.1-3+squeeze2_i386.deb
Checksums-Sha256: 
 c7d1e604f59223eb072c9afe44c541b7ef7fe284793335092ffa945aeaef5205 1670 xml-security-c_1.5.1-3+squeeze2.dsc
 84a63e5ab73d1bb411ac13c37378321fa75aa99b6702293fffbee178bbd4865b 11409 xml-security-c_1.5.1-3+squeeze2.diff.gz
 a7f27e86e2699926ce4e77801190725939f2769b53e585f29167acfa361e6b88 353826 libxml-security-c15_1.5.1-3+squeeze2_i386.deb
 9c245f62b344db23bf222dfe99ce82a42bc820ed72d0e054033919c5d4af8efb 141818 libxml-security-c-dev_1.5.1-3+squeeze2_i386.deb
Files: 
 911c68dd89f18793c4cc50fc34b77efa 1670 libs extra xml-security-c_1.5.1-3+squeeze2.dsc
 b89ef9b4f5e5b7fbf3cc47d7d313fe99 11409 libs extra xml-security-c_1.5.1-3+squeeze2.diff.gz
 f2810505d4c302e9d3773ba57ad6bf76 353826 libs extra libxml-security-c15_1.5.1-3+squeeze2_i386.deb
 433a487e2e0c68589971bc1f4b9b6d43 141818 libdevel extra libxml-security-c-dev_1.5.1-3+squeeze2_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAEBCAAGBQJRv/IIAAoJEH2AMVxXNt51jZsH/RVeZodvEArMO1CjyypWUGpI
WW3aMHwjtiNJJUwMNP0LxMjFy23p6bsEDRN82nIPgvMAQc28VBLplrARwS3blYkS
+ESCBAb0NTkSoLL4KGJh2c7j79b7U6idYkxfZBKvjzBElH+dMy19aNFZhTHeqVN4
AOuFP2uwrsT9ZqMLIo78+pWqA5DjDfGUwJ1zJhhEluAg/ezXXHCvoZsHXXeEGho4
60IBA8OoS3lABa9MbOhkMY+WowiO1pp8BS+YTovH2xSZNnnihyX+1g3Wrg194uCH
gEwOqECDHdh4KXX9Cz1ePwGCP8gy4wyAVwf4m+xn1SHjVOrz9Gt0O3SUuA72YA8=
=rajy
-----END PGP SIGNATURE-----