-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Thu, 27 Jun 2013 13:44:56 -0700 Source: xml-security-c Binary: libxml-security-c16 libxml-security-c-dev Architecture: source i386 Version: 1.6.1-7 Distribution: unstable Urgency: high Maintainer: Debian Shib Team <pkg-shibboleth-de...@lists.alioth.debian.org> Changed-By: Russ Allbery <r...@debian.org> Description: libxml-security-c-dev - C++ library for XML Digital Signatures (development) libxml-security-c16 - C++ library for XML Digital Signatures (runtime) Closes: 714241 Changes: xml-security-c (1.6.1-7) unstable; urgency=high . * The attempted fix to address CVE-2013-2154 introduced the possibility of a heap overflow, possibly leading to arbitrary code execution, in the processing of malformed XPointer expressions in the XML Signature Reference processing code. Apply upstream patch to fix that heap overflow. (Closes: #714241, CVE-2013-2210) Checksums-Sha1: 00bfb2fe2d2610247399a92d25be1b6741fb1894 1785 xml-security-c_1.6.1-7.dsc 88bab9e767cbba07ad789b245547fcfcc461a096 12009 xml-security-c_1.6.1-7.debian.tar.gz 7fc0b8e1da45668cfc87100eb5217643a3a8bfca 359686 libxml-security-c16_1.6.1-7_i386.deb 58f871c561ee58e67ccfa167404bf9d4bc641917 151294 libxml-security-c-dev_1.6.1-7_i386.deb Checksums-Sha256: 2b9323dc02ceb2705fc22395dcd4e170f72c8cc3bea321689c69d86c02a09774 1785 xml-security-c_1.6.1-7.dsc dc9308b535a57592ae450c8374be2eb6081d539c1f64d44c79ab11095153555b 12009 xml-security-c_1.6.1-7.debian.tar.gz 82342fc3a0982d62e5fbf0a2a2eb089747f9ae4a8dc1dde7cbbcceb83fdce1be 359686 libxml-security-c16_1.6.1-7_i386.deb a9530bad8d09482a79ea7322bd1c422fd6156e4c0480b6893a2f27cdb6e9eab7 151294 libxml-security-c-dev_1.6.1-7_i386.deb Files: 094bf36076fe14078fe156029ec8a981 1785 libs extra xml-security-c_1.6.1-7.dsc 2818b708f8525ede455dfa57f768c2a5 12009 libs extra xml-security-c_1.6.1-7.debian.tar.gz 2526c149389b0d418653aaf56036cd2e 359686 libs extra libxml-security-c16_1.6.1-7_i386.deb 153a8eee6ee8d937e6a66ae331b579cf 151294 libdevel extra libxml-security-c-dev_1.6.1-7_i386.deb
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAEBCAAGBQJRzKYiAAoJEH2AMVxXNt51WL0H/jG3B/qEKrDXDtuViCeU/7ke ez8KhhY7gmTojUl+qY0X5xkjnH50dpCBh+0HmmPwDodyRjAeHH+vnVmbOX/Sfaea 5DBLHuq6+eF0f/9Zlwxx6/xkO5z/wzjpxA9aOiTOKK99WO145PBshvVacmK2vt4I vblFWXr3Cmo7i1YMqbqXNhAGFGm8mvFUI5/+X9KjquqkOHzw8gupsy5nN7TxWOep Dmvuen9GC+ce+8U1AONZJ1ZcOGqFk+rd264BkpgqQCsr4CetJ5Qlr5x0gD6Q9419 tvEf36pE0oRI1wdLmMhuSzOroaTSuPY4XrOd4c0adYXwXKhNu3OfcHodtERwcT8= =c4fI -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to debian-devel-changes-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/e1usjnb-0000lv...@franck.debian.org