-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Mon, 17 Jun 2013 22:25:32 -0700 Source: xml-security-c Binary: libxml-security-c16 libxml-security-c-dev Architecture: source i386 Version: 1.6.1-6 Distribution: unstable Urgency: high Maintainer: Debian Shib Team <pkg-shibboleth-de...@lists.alioth.debian.org> Changed-By: Russ Allbery <r...@debian.org> Description: libxml-security-c-dev - C++ library for XML Digital Signatures (development) libxml-security-c16 - C++ library for XML Digital Signatures (runtime) Changes: xml-security-c (1.6.1-6) unstable; urgency=high . * Apply upstream patch to fix a spoofing vulnerability that allows an attacker to reuse existing signatures with arbitrary content. (CVE-2013-2153) * Apply upstream patch to fix a stack overflow in the processing of malformed XPointer expressions in the XML Signature Reference processing code. (CVE-2013-2154) * Apply upstream patch to fix processing of the output length of an HMAC-based XML Signature that could cause a denial of service when processing specially chosen input. (CVE-2013-2155) * Apply upstream patch to fix a heap overflow in the processing of the PrefixList attribute optionally used in conjunction with Exclusive Canonicalization, potentially allowing arbitrary code execution. (CVE-2013-2156) Checksums-Sha1: 45ba1595af8e204374ee77fd7b56914c8f1c5059 1785 xml-security-c_1.6.1-6.dsc 461ca76f00d5bc93bf4f8b4b1b2f610e2a538559 11710 xml-security-c_1.6.1-6.debian.tar.gz 8cb9168d96ee39c928f8e8b299e4c0e23b8ff703 369536 libxml-security-c16_1.6.1-6_i386.deb f5c6826e8726831f1e21a0fa2bc244c11a37e0ba 151214 libxml-security-c-dev_1.6.1-6_i386.deb Checksums-Sha256: 9550bfa8eb7d9af144c88e02afb30afd057ba6d9edcbe43db5ece49e6cc353e1 1785 xml-security-c_1.6.1-6.dsc da3a4a694679319645aaf8a68cd95d0958b0fdf9b226655048a5be77faac5330 11710 xml-security-c_1.6.1-6.debian.tar.gz a6d85dcf7c716ce53a9a3e3d15868455c9e97a8d7d7e55ff01fe51aa4c569d7d 369536 libxml-security-c16_1.6.1-6_i386.deb de89b954941647b8cd1cf31366b87306391a431d514173b8bcf6dcfa5a770d34 151214 libxml-security-c-dev_1.6.1-6_i386.deb Files: 914b262f3607b20c018edef6b372ac17 1785 libs extra xml-security-c_1.6.1-6.dsc ef0a096023f4fd1509a522d53dd39ffb 11710 libs extra xml-security-c_1.6.1-6.debian.tar.gz e582ebb337b3162556b8accea649bc72 369536 libs extra libxml-security-c16_1.6.1-6_i386.deb 858ea72ce94a2d4bab88dd2eec1481ac 151214 libdevel extra libxml-security-c-dev_1.6.1-6_i386.deb
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAEBCAAGBQJRv/OpAAoJEH2AMVxXNt51hnsH/ipPq2Gsw8YorIf3w8+1Xl4Q pgL6QtBKyjqui962qqVWm8b5sBrhLKNADW5OJbT+BqurbFHmqGsjHwtZdveFcDU4 MPF1b+mPpHD6Akgy6e9yOvrFTlcO7RMghdvxO9klsHMzCTC2mB2kecgTvVZDo4HH 2FpDCop/lAlkSmfJ6GDdqOK/UMFUC7SU3+1RrJQVJnTi1+VjwQ+F4ib1GytQzCKt xbfumNE1mG8QJtv5WG51aeiKeHVn/ciBCAppH7/1kOeM5PHbCqaxPXk1RuJKVJhB qWjnwS250skVNpr7wk/QjN+j8TGKPSQFA54OR+FdhXDFB8guhUkbTWx1/WhGd/k= =5r2m -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to debian-devel-changes-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/e1uoom0-0006ue...@franck.debian.org