Hi, I'll upload 1.2.14-1.1 to address this security issue according to the attached patch.
Cheers, Thijs
diff -u xmlsec1-1.2.14/debian/changelog xmlsec1-1.2.14/debian/changelog
--- xmlsec1-1.2.14/debian/changelog
+++ xmlsec1-1.2.14/debian/changelog
@@ -1,3 +1,11 @@
+xmlsec1 (1.2.14-1.1) unstable; urgency=high
+
+ * Non-maintainer upload by the Security Team.
+ * Apply patch from upstream addressing arbitrary file overwrite
+ (CVE-2011-1425, closes: #620560).
+
+ -- Thijs Kinkhorst <th...@debian.org> Sat, 09 Apr 2011 17:40:24 +0200
+
 xmlsec1 (1.2.14-1) unstable; urgency=low
 * New upstream release, fixes CVE-2009-3736 (Closes: #559831)
only in patch2:
unchanged:
--- xmlsec1-1.2.14.orig/apps/xmlsec.c
+++ xmlsec1-1.2.14/apps/xmlsec.c
@@ -24,6 +24,7 @@
 #include <libxslt/extensions.h>
 #include <libxslt/xsltInternals.h>
 #include <libxslt/xsltutils.h>
+#include <libxslt/security.h>
 #include <libexslt/exslt.h>
 #endif /* XMLSEC_NO_XSLT */
@@ -2400,6 +2401,11 @@
 }
 static int intialized = 0;
+
+#ifndef XMLSEC_NO_XSLT
+static xsltSecurityPrefsPtr xsltSecPrefs = NULL;
+#endif /* XMLSEC_NO_XSLT */
+
 static int xmlSecAppInit(void) {
 if(intialized != 0) {
@@ -2414,7 +2420,20 @@
 #ifndef XMLSEC_NO_XSLT
 xmlIndentTreeOutput = 1;
 #endif /* XMLSEC_NO_XSLT */
-
+
+
+ /* Init libxslt */
+#ifndef XMLSEC_NO_XSLT
+ /* disable everything */
+ xsltSecPrefs = xsltNewSecurityPrefs();
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_FILE, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_FILE, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_CREATE_DIRECTORY, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_READ_NETWORK, xsltSecurityForbid);
+ xsltSetSecurityPrefs(xsltSecPrefs, XSLT_SECPREF_WRITE_NETWORK, xsltSecurityForbid);
+ xsltSetDefaultSecurityPrefs(xsltSecPrefs);
+#endif /* XMLSEC_NO_XSLT */
+
 /* Init xmlsec */
 if(xmlSecInit() < 0) {
 fprintf(stderr, "Error: xmlsec intialization failed.\n");
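Review bot: The result of `xsltSecPrefs = xsltNewSecurityPrefs();` in xmlSecAppInit is never checked, so if that allocation fails the five xsltSetSecurityPrefs() calls are handed NULL and `xsltSetDefaultSecurityPrefs(xsltSecPrefs)` installs a NULL default, which as far as I can tell libxslt treats as "no restrictions" — the hardening this patch adds would fail open rather than abort initialization. Since the same function already reports `xmlSecInit()` failure through fprintf and a negative return, a guard directly after the allocation keeps the fix fail-closed: `if(xsltSecPrefs == NULL) { fprintf(stderr, "Error: failed to allocate XSLT security preferences.\n"); return(-1); }`. The new block also opens a second `#ifndef XMLSEC_NO_XSLT` a few lines below the existing one that sets xmlIndentTreeOutput; folding the security setup into that block would keep the XSLT initialisation in one place. xmlSecAppInit starts in the preceding hunk and continues past this one.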
@@ -2461,6 +2480,7 @@
 /* Shutdown libxslt/libxml */
 #ifndef XMLSEC_NO_XSLT
+ xsltFreeSecurityPrefs(xsltSecPrefs);
 xsltCleanupGlobals();
 #endif /* XMLSEC_NO_XSLT */
 xmlCleanupParser();
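Review bot: `xsltFreeSecurityPrefs(xsltSecPrefs);` releases the preferences object while it is still registered as libxslt's process-wide default by the xsltSetDefaultSecurityPrefs() call in xmlSecAppInit, and the static `xsltSecPrefs` pointer is left dangling afterwards. Unless xsltCleanupGlobals() clears that default (I could not confirm this from the hunk), any transform attempted after shutdown, or a second pass through this shutdown path, would touch freed memory; unregistering first and clearing the pointer avoids that: `xsltSetDefaultSecurityPrefs(NULL); xsltFreeSecurityPrefs(xsltSecPrefs); xsltSecPrefs = NULL;`. The enclosing shutdown function begins outside this hunk.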