xml-security-c (1.6.1-7~build0.13.04.1) raring-security; urgency=low

  * fake sync from Debian

xml-security-c (1.6.1-7) unstable; urgency=high

  * The attempted fix to address CVE-2013-2154 introduced the possibility
    of a heap overflow, possibly leading to arbitrary code execution, in
    the processing of malformed XPointer expressions in the XML Signature
    Reference processing code.  Apply upstream patch to fix that heap
    overflow.  (Closes: #714241, CVE-2013-2210)

xml-security-c (1.6.1-6) unstable; urgency=high

  * Apply upstream patch to fix a spoofing vulnerability that allows an
    attacker to reuse existing signatures with arbitrary content.
    (CVE-2013-2153)
  * Apply upstream patch to fix a stack overflow in the processing of
    malformed XPointer expressions in the XML Signature Reference
    processing code.  (CVE-2013-2154)
  * Apply upstream patch to fix processing of the output length of an
    HMAC-based XML Signature that could cause a denial of service when
    processing specially chosen input.  (CVE-2013-2155)
  * Apply upstream patch to fix a heap overflow in the processing of the
    PrefixList attribute optionally used in conjunction with Exclusive
    Canonicalization, potentially allowing arbitrary code execution.
    (CVE-2013-2156)

Date: 2013-07-10 22:20:15.596938+00:00
Changed-By: Jamie Strandboge <[email protected]>
https://launchpad.net/ubuntu/raring/+source/xml-security-c/1.6.1-7~build0.13.04.1
--
Raring-changes mailing list