-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Thu, 07 Jul 2011 09:10:33 -0700 Source: xml-security-c Binary: libxml-security-c16 libxml-security-c-dev Architecture: source i386 Version: 1.6.1-1 Distribution: unstable Urgency: high Maintainer: Debian Shib Team <pkg-shibboleth-de...@lists.alioth.debian.org> Changed-By: Russ Allbery <r...@debian.org> Description: libxml-security-c-dev - C++ library for XML Digital Signatures (development) libxml-security-c16 - C++ library for XML Digital Signatures (runtime) Closes: 632973 Changes: xml-security-c (1.6.1-1) unstable; urgency=high . * Urgency high for security fix. * New upstream release. - DSIGObject::load method crashes for ds:Object without Id attribute - Buffer overflow when signing or verifying files with big asymmetric keys (Closes: #632973, CVE-2011-2516) - Memory bug inside XENCCipherImpl::deSerialise - Function cleanURIEscapes always throws XSECException, when any escape sequence occurs - Function isHexDigit doesn't recognize invalid escape sequences - Percent-encoded multibyte (UTF-8) sequences unrecognized - RSA-OAEP handler only allows SHA-1 digests * Update debian/watch for the new organization of Apache downloads. Checksums-Sha1: fd7a3f73e53120fab3d7c99e43097d63db6103d3 1689 xml-security-c_1.6.1-1.dsc 239304659752eb214f3516b6c457c99f0e6467c7 864366 xml-security-c_1.6.1.orig.tar.gz 6874daf4e6ad0421ce34ee1f3e833923d79ca547 7285 xml-security-c_1.6.1-1.debian.tar.gz 2dd5e68cdee7b76567cf0a6fd912d0d9adaea8e9 372064 libxml-security-c16_1.6.1-1_i386.deb 5dbe7bede14e1cb0fc01a050c7a7425cab5f61b5 150394 libxml-security-c-dev_1.6.1-1_i386.deb Checksums-Sha256: 74c60ca69966f246e40f3a10b1f61f1b84fdd0a58f3cda0b29eb2b0e1d484575 1689 xml-security-c_1.6.1-1.dsc 73931a55d6925a82416ea48f8d6f1b8ed591368e1dfc30574fe43904b7c62fcd 864366 xml-security-c_1.6.1.orig.tar.gz ae82090ad6f81811de165fb795e8b5b84285e3f4f42cc19320eb73452a47297a 7285 xml-security-c_1.6.1-1.debian.tar.gz 140594585d9912644494c4d3a6d12fc31ae8972df3ae8b9b64905909d5b2623d 372064 libxml-security-c16_1.6.1-1_i386.deb c202edb2f3e5b9ae7f8790bc7d0a8fcc86e8f2e5bd877764c42f03de41f6ae99 150394 libxml-security-c-dev_1.6.1-1_i386.deb Files: 239ad9504d7326e84e8c49bb48f5c764 1689 libs extra xml-security-c_1.6.1-1.dsc 808316c80a7453b6d50a0bceb7ebe9bc 864366 libs extra xml-security-c_1.6.1.orig.tar.gz 7dbad386fb00cdb401ffc1210592148a 7285 libs extra xml-security-c_1.6.1-1.debian.tar.gz 2b7e014d7727c17fd301fa209b374d80 372064 libs extra libxml-security-c16_1.6.1-1_i386.deb 382d66533e1bc31680a2762c8f3786f4 150394 libdevel extra libxml-security-c-dev_1.6.1-1_i386.deb
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEcBAEBCAAGBQJOFdxjAAoJEH2AMVxXNt513h4IAMABgV5q0rNDu/xQ5eGUU0D4 W/zHxiY57/k5mNqLkyE1fFWP86S3adv/0vrAW9yk/8LorMXE7zxvvC+yFe/49BDV ESVvfd0wVP25a+rjUyq5/LWZb+IvT99uhRAiBpVvhNFY85VZ3aKIViNuHJJgBibs 2/J33BqpH5PwvMhL2iL+UeHniNR0EOjLOvIB2uuFR7zP77HcuiGx1Mqpzw4cvspf BJQBp4gIJX2CEHVBEpB+/+dYCy+AerCYe8lwCIE4hMhzl/33sG6mYCls5MioWec8 cLh0FO4ZfuudifkYemzynkwjC5RbGoaNEnzLpok0ZG2AQg+gUgzex4FzsVE/ijg= =+cse -----END PGP SIGNATURE----- Accepted: libxml-security-c-dev_1.6.1-1_i386.deb to main/x/xml-security-c/libxml-security-c-dev_1.6.1-1_i386.deb libxml-security-c16_1.6.1-1_i386.deb to main/x/xml-security-c/libxml-security-c16_1.6.1-1_i386.deb xml-security-c_1.6.1-1.debian.tar.gz to main/x/xml-security-c/xml-security-c_1.6.1-1.debian.tar.gz xml-security-c_1.6.1-1.dsc to main/x/xml-security-c/xml-security-c_1.6.1-1.dsc xml-security-c_1.6.1.orig.tar.gz to main/x/xml-security-c/xml-security-c_1.6.1.orig.tar.gz -- To UNSUBSCRIBE, email to debian-devel-changes-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/e1qerut-0000ff...@franck.debian.org