Public bug reported: We found a bug in Apache Santuario C, related to ECDSA signature generation, few years ego. We provide the fix to the Apache team, and Scott Cantor kindly accepted the fix in the project. How ever the fix was introduced in series 2.x of the the library.
The fix we provide was for the version 1.7.x (xml-security-c17) found in Ubuntu 14.04 and looks like Ubuntu 18.04 is still including a version from series 1.7.x. Our products goes trough certification processes where using source code without patches is something very well seen. We are interesting in exploring the possibility to start a communication with Ubuntu maintainers team, in order to request including some patches or version upgrades in libraries we are contributing and we are using in products based in Ubuntu minimal 14.04 and 18.04. The commit with the fix for the bug can be found here: http://svn.apache.org/viewvc/santuario/xml-security- cpp/trunk/xsec/utils/XSECSafeBuffer.cpp?r1=1806212&r2=1807280&diff_format=h ** Affects: xml-security-c (Ubuntu) Importance: Undecided Status: New ** Summary changed: - ECDSA signature generation segmentation fault + ECDSA XML signature generation segmentation fault -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1816040 Title: ECDSA XML signature generation segmentation fault To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/xml-security-c/+bug/1816040/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
