Accepted xml-security-c 1.7.3-4+deb9u1 (source) into proposed-updates->stable-new, proposed-updates
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 3 Aug 2018 14:30:43 CEST
Source: xml-security-c
Binary: libxml-security-c17v5 libxml-security-c-dev xml-security-c-utils
Architecture: source
Version: 1.7.3-4+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Debian Shib Team <pkg-shibboleth-devel@lists.alioth.debian.org>
Changed-By: Ferenc Wágner <wferi@debian.org>
Description:
libxml-security-c-dev - C++ library for XML Digital Signatures (development)
libxml-security-c17v5 - C++ library for XML Digital Signatures (runtime)
xml-security-c-utils - C++ library for XML Digital Signatures (utilities)
Closes: 905332
Changes:
 xml-security-c (1.7.3-4+deb9u1) stretch-security; urgency=high
 .
   * [93b87c6] New patch: Default KeyInfo resolver doesn't check for empty
     element content.
     The Apache Santuario XML Security for C++ library contained a
     number of code paths at risk of dereferencing null pointers when
     processing various kinds of malformed KeyInfo hints typically found
     in signed or encrypted XML. The usual effect is a crash, and in the
     case of the Shibboleth SP software, a crash in the shibd daemon.
     Upstream bug:
     https://issues.apache.org/jira/projects/SANTUARIO/issues/SANTUARIO-491
     CVE: not assigned yet
     Thanks to Scott Cantor (Closes: #905332)
Checksums-Sha256:
1b1228439b760703062e60a6daee033dacf293a95a5feba1a81c7c6d6c873ea4 2336 xml-security-c_1.7.3-4+deb9u1.dsc
73879fa0f820ef06ae3663ff40232abdb9f8ed51a07ea43ab934bac7d9dfafc3 43404 xml-security-c_1.7.3-4+deb9u1.debian.tar.xz
e5226e7319d44f6fd9147a13fb853f5c711b9e75bf60ec273a0ef8a190592583 909320 xml-security-c_1.7.3.orig.tar.gz
Checksums-Sha1:
ce52525c4d6b986ab5ef5ddce7255c0d694b22f7 2336 xml-security-c_1.7.3-4+deb9u1.dsc
4c20d812dcfdea3dc0c475dc627e66b1300a941f 43404 xml-security-c_1.7.3-4+deb9u1.debian.tar.xz
bcbe98e0bd3695a0b961a223cce53e2f35c4681b 909320 xml-security-c_1.7.3.orig.tar.gz
Files:
8ef958f00a785116827955dd242dbae2 2336 libs extra xml-security-c_1.7.3-4+deb9u1.dsc
544a5a74d240da600efe85dc30efa9b2 43404 libs extra xml-security-c_1.7.3-4+deb9u1.debian.tar.xz
481a0f29d1b6e898da79f80dbbf7b05b 909320 libs extra xml-security-c_1.7.3.orig.tar.gz
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----