xml-security-c (1.5.1-3+squeeze2build0.10.04.1) lucid-security; urgency=low
* fake sync from Debian
xml-security-c (1.5.1-3+squeeze2) oldstable-security; urgency=high
* Apply upstream patch to fix a spoofing vulnerability that allows an
attacker to reuse existing signatures with arbitrary content.
(CVE-2013-2153)
* Apply upstream patch to fix a stack overflow in the processing of
malformed XPointer expressions in the XML Signature Reference
processing code. (CVE-2013-2154)
* Apply upstream patch to fix processing of the output length of an
HMAC-based XML Signature that could cause a denial of service when
processing specially chosen input. (CVE-2013-2155)
* Apply upstream patch to fix a heap overflow in the processing of the
PrefixList attribute optionally used in conjunction with Exclusive
Canonicalization, potentially allowing arbitrary code execution.
(CVE-2013-2156)
Date: 2013-06-18 17:00:15.148584+00:00
Changed-By: Marc Deslauriers <[email protected]>
https://launchpad.net/ubuntu/lucid/+source/xml-security-c/1.5.1-3+squeeze2build0.10.04.1
Sorry, changesfile not available.
--
Lucid-changes mailing list
[email protected]
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/lucid-changes
