This bug was fixed in the package xml-security-c - 1.6.1-1ubuntu0.1
---------------
xml-security-c (1.6.1-1ubuntu0.1) precise-security; urgency=low
* SECURITY UPDATE: (LP: #1192874).
- Apply upstream patch to fix a spoofing vulnerability that allows an
attacker to reuse existing signatures with arbitrary content.
(CVE-2013-2153)
- Apply upstream patch to fix a stack overflow in the processing of
malformed XPointer expressions in the XML Signature Reference
processing code. (CVE-2013-2154)
- Apply upstream patch to fix processing of the output length of an
HMAC-based XML Signature that could cause a denial of service when
processing specially chosen input. (CVE-2013-2155)
- Apply upstream patch to fix a heap overflow in the processing of the
PrefixList attribute optionally used in conjunction with Exclusive
Canonicalization, potentially allowing arbitrary code execution.
(CVE-2013-2156)
* SECURITY UPDATE: The attempted fix to address CVE-2013-2154 introduced
the possibility of a heap overflow, possibly leading to arbitrary code
execution, in the processing of malformed XPointer expressions in the
XML Signature Reference processing code (LP: #1199969).
- Apply upstream patch to fix that heap overflow. (CVE-2013-2210)
-- Christian Biamont <christianbiam...@gmail.com> Wed, 25 Sep 2013 10:27:27
+0200
** Changed in: xml-security-c (Ubuntu Precise)
Status: Fix Committed => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-2153
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-2155
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1192874
Title:
heap overflow while processing InclusiveNamespace PrefixList
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/xml-security-c/+bug/1192874/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
