Accepted xml-security-c 1.7.2-3+deb8u1 (source i386) into oldstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 5 Aug 2018 20:09:30 CEST
Source: xml-security-c
Binary: libxml-security-c17 libxml-security-c-dev xml-security-c-utils
Architecture: source i386
Version: 1.7.2-3+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Debian Shib Team <pkg-shibboleth-devel@lists.alioth.debian.org>
Changed-By: Ferenc Wágner <wferi@debian.org>
Description:
libxml-security-c-dev - C++ library for XML Digital Signatures (development)
libxml-security-c17 - C++ library for XML Digital Signatures (runtime)
xml-security-c-utils - C++ library for XML Digital Signatures (utilities)
Closes: 905332
Changes:
xml-security-c (1.7.2-3+deb8u1) jessie-security; urgency=high
.
* [109db8e] New patch: Default KeyInfo resolver doesn't check for empty
element content.
The Apache Santuario XML Security for C++ library contained a
number of code paths at risk of dereferencing null pointers when
processing various kinds of malformed KeyInfo hints typically found
in signed or encrypted XML. The usual effect is a crash, and in the
case of the Shibboleth SP software, a crash in the shibd daemon.
Upstream bug:
https://issues.apache.org/jira/projects/SANTUARIO/issues/SANTUARIO-491
CVE: not assigned yet
Thanks to Scott Cantor (Closes: #905332)
* [4dafdb4] Replace Russ in Uploaders
Checksums-Sha256:
06f1c4bf0ec2c611a877231f202d2006b49aa14c305e34bf8a943b501859fa83 2239 xml-security-c_1.7.2-3+deb8u1.dsc
a4bf1c14c49a550f0e3a0485f406771f064ac9e7b29f637ff69ee6c4d883e78c 15664 xml-security-c_1.7.2-3+deb8u1.debian.tar.xz
e25247b8410fe0d1fa103f6b77b5b13a48389c7642a6d1727cc5100964e03dcc 276534 libxml-security-c17_1.7.2-3+deb8u1_i386.deb
9fbeba7fcfafe411a0597537f120ccdebb62fc7c9921bb3e9308b3315fb57182 111744 libxml-security-c-dev_1.7.2-3+deb8u1_i386.deb
33d17490d2b77f057d52bf28c33fd093e6dfb14bf3caf6acba8d8e0d71715e0a 126956 xml-security-c-utils_1.7.2-3+deb8u1_i386.deb
d576b07bb843eaebfde3be01301db40504ea8e8e477c0ad5f739b07022445452 875465 xml-security-c_1.7.2.orig.tar.gz
Checksums-Sha1:
527b692d8fd65a1bfb3e6de6e6db7dc643ae01a4 2239 xml-security-c_1.7.2-3+deb8u1.dsc
79a1bb81d1cd619143fbc0ed45a79d065dc0355e 15664 xml-security-c_1.7.2-3+deb8u1.debian.tar.xz
1cf115f7edbee8f2c15f153d2a88777ff64410bb 276534 libxml-security-c17_1.7.2-3+deb8u1_i386.deb
bba1bbe59aab021844834c72f4ba85cee972876a 111744 libxml-security-c-dev_1.7.2-3+deb8u1_i386.deb
5a50935522a15f8664cb42576d7303deddab7f3c 126956 xml-security-c-utils_1.7.2-3+deb8u1_i386.deb
fee59d5347ff0666802c8e5aa729e0304ee492bc 875465 xml-security-c_1.7.2.orig.tar.gz
Files:
f8887d07e1202930ad752038fab9237a 2239 libs extra xml-security-c_1.7.2-3+deb8u1.dsc
ffd538b1de61d52b11504cdc09406d21 15664 libs extra xml-security-c_1.7.2-3+deb8u1.debian.tar.xz
2c3010a2c1e069e5815b31bc4fc05b08 276534 libs extra libxml-security-c17_1.7.2-3+deb8u1_i386.deb
ca7441d20a5059f4eb83a570df38e397 111744 libdevel extra libxml-security-c-dev_1.7.2-3+deb8u1_i386.deb
d6b0c075ab6fc5cac1c4960bc06a447c 126956 utils extra xml-security-c-utils_1.7.2-3+deb8u1_i386.deb
2487e00569f6465f7070389e40a3d84f 875465 libs extra xml-security-c_1.7.2.orig.tar.gz
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEwddEx0RNIUL7eugtOsj3Fkd+2yMFAltnPX0ACgkQOsj3Fkd+
2yOWnxAArhLF+oCK77q5wCbSRvMH36mNrXkyNZYq8Pq9GsnycFN2EzJxwZk6c3T8
eyNrEoKfGwrl+fhtD/Tc1juxQhilt9wsEw0CEP58AamLn1T9/uXJBcY3kK1CJPuo
mhBorKpu6h/jb58y2tEYm0DuN3YuqtSr39Vah3qXHNZgehJEvlfYlfGEFJTnPDtN
+9CvxN/p8urZz7lMpvxEkaRWr1ONQSSMexK/TZvf5IxW6AxifNj5qzuETHj/NLOl
a1+MTKK6U8tiBTX5aJ3lnLqBBO4QA9zXNPjWkVxJRW3J3TypzkK+X20l/g6wPDRF
pEVIvjMSc1lbcJl5sAoQzvwEs8LohdFonk7wSu3fx16ZIyw4aHWxrYDItHATg5yD
G6yG9HW0dsOzScaeR5awJcWYvb1179G8oR7artKKJcgPyy5FqOQfBN+7SELm11U4
XFd8F7h2t2ElSA0jSuCFETCx8emqJJcwrBvM/l2AlrLos3D6QVNqn1TtOuj/HoL1
8iBPtRZfrKFmAnetZFQ6OtpdV2P99+nMtIHfhTYjhx/L1bCzQZNN5otbM68AcLVX
eYgJsWtX7ETI87u7SbBepaDDm3m99sZvzqqfUXTS0uBLTDIzgjoG4yOpZDuRTbGe
g4/CqsA6r2m3mSV1K6wMmPYUwVUmyrZvY/4AT1LHq04jqoAgVsE=
=VwCs
-----END PGP SIGNATURE-----