A jar is now available for testing:
http://people.apache.org/~mullan/dist/xmlsec-1.4.3beta1.jar
Here is a complete list of what bugs have been fixed:
Fixed Bug 47526: XML signature HMAC truncation authentication bypass
Fixed Bug 47525: Fix checkstyle problems with source and tests.
Sean Mullan wrote on 2009-07-14:
> I have just putback a fix for this vulnerability to the source code
> repository. This patch will be included in the (Java) version 1.4.3
> release. Because of the potential severity of this issue, we are
> planning an expedited release process for 1.4.3. I plan t
https://issues.apache.org/bugzilla/show_bug.cgi?id=47527
Scott Cantor changed:
What|Removed |Added
Status|NEW |RESOLVED
Resolution|
Hi all,
I have just putback a fix for this vulnerability to the source code repository.
This patch will be included in the (Java) version 1.4.3 release. Because of the
potential severity of this issue, we are planning an expedited release process
for 1.4.3. I plan to make available a jar for t
https://issues.apache.org/bugzilla/show_bug.cgi?id=45849
Scott Cantor changed:
What|Removed |Added
Status|NEW |RESOLVED
Resolution|
https://issues.apache.org/bugzilla/show_bug.cgi?id=47527
Summary: XML signature HMAC truncation authentication bypass
Product: Security
Version: C++ 1.5.0
Platform: All
URL: http://www.kb.cert.org/vuls/id/466161
OS/Version: All
https://issues.apache.org/bugzilla/show_bug.cgi?id=47526
sean.mul...@sun.com changed:
What|Removed |Added
Status|NEW |RESOLVED
Resolution|
https://issues.apache.org/bugzilla/show_bug.cgi?id=47526
Summary: XML signature HMAC truncation authentication bypass
Product: Security
Version: Java 1.4.2
Platform: All
OS/Version: All
Status: NEW
Severity: critical
https://issues.apache.org/bugzilla/show_bug.cgi?id=47525
coheigea changed:
What|Removed |Added
Status|NEW |RESOLVED
Resolution|
Hi,
We are using hardware-based security providers that we need to explicitly
specify our encryption and decryption providers. I noticed that works for
key encryption, but the decryption doesn't allow an explicit provider when
decrypting (in EncryptedKeyResolver) the symmetric key with the
key
https://issues.apache.org/bugzilla/show_bug.cgi?id=41858
coheigea changed:
What|Removed |Added
Status|NEEDINFO|RESOLVED
Resolution|
https://issues.apache.org/bugzilla/show_bug.cgi?id=41858
--- Comment #7 from sean.mul...@sun.com 2009-07-14 07:05:39 PST ---
Yes, I think it can be marked RESOLVED. It was originally marked NEEDINFO
because I wanted a sample program. The current status is that I was waiting for
the submitter
https://issues.apache.org/bugzilla/show_bug.cgi?id=47525
Summary: Fix checkstyle problems with source and tests
Product: Security
Version: Java 1.4.2
Platform: PC
OS/Version: Windows XP
Status: NEW
Severity: normal
https://issues.apache.org/bugzilla/show_bug.cgi?id=41858
--- Comment #6 from coheigea 2009-07-14 06:48:48 PST ---
Is there a reason this bug is marked as "NEEDINFO"? From the comments it seems
like the bug is in another open source project, not XML Security. Can this be
marked as "RESOLVED"