Your message dated Thu, 07 Jul 2011 16:32:15 +0000
with message-id <[email protected]>
and subject line Bug#632973: fixed in xml-security-c 1.6.1-1
has caused the Debian Bug report #632973,
regarding xml-security-c: CVE-2011-2516: buffer overflows signing or verifying with large keys
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
632973: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=632973
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: xml-security-c
Version: 1.6.0-2
Severity: grave
Tags: security
Justification: user security hole

Full advisory at
<http://santuario.apache.org/secadv/CVE-2011-2516.txt>
including links to patches in upstream SVN.

Also assumed to affect stable and oldstable.



--- End Message ---
--- Begin Message ---
Source: xml-security-c
Source-Version: 1.6.1-1

We believe that the bug you reported is fixed in the latest version of
xml-security-c, which is due to be installed in the Debian FTP archive:

libxml-security-c-dev_1.6.1-1_i386.deb
  to main/x/xml-security-c/libxml-security-c-dev_1.6.1-1_i386.deb
libxml-security-c16_1.6.1-1_i386.deb
  to main/x/xml-security-c/libxml-security-c16_1.6.1-1_i386.deb
xml-security-c_1.6.1-1.debian.tar.gz
  to main/x/xml-security-c/xml-security-c_1.6.1-1.debian.tar.gz
xml-security-c_1.6.1-1.dsc
  to main/x/xml-security-c/xml-security-c_1.6.1-1.dsc
xml-security-c_1.6.1.orig.tar.gz
  to main/x/xml-security-c/xml-security-c_1.6.1.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Russ Allbery <[email protected]> (supplier of updated xml-security-c package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


Format: 1.8
Date: Thu, 07 Jul 2011 09:10:33 -0700
Source: xml-security-c
Binary: libxml-security-c16 libxml-security-c-dev
Architecture: source i386
Version: 1.6.1-1
Distribution: unstable
Urgency: high
Maintainer: Debian Shib Team <[email protected]>
Changed-By: Russ Allbery <[email protected]>
Description: 
 libxml-security-c-dev - C++ library for XML Digital Signatures (development)
 libxml-security-c16 - C++ library for XML Digital Signatures (runtime)
Closes: 632973
Changes: 
 xml-security-c (1.6.1-1) unstable; urgency=high
 .
   * Urgency high for security fix.
   * New upstream release.
     - DSIGObject::load method crashes for ds:Object without Id attribute
     - Buffer overflow when signing or verifying files with big asymmetric
       keys (Closes: #632973, CVE-2011-2516)
     - Memory bug inside XENCCipherImpl::deSerialise
     - Function cleanURIEscapes always throws XSECException, when any
       escape sequence occurs
     - Function isHexDigit doesn't recognize invalid escape sequences
     - Percent-encoded multibyte (UTF-8) sequences unrecognized
     - RSA-OAEP handler only allows SHA-1 digests
   * Update debian/watch for the new organization of Apache downloads.




--- End Message ---
