Ubuntu
xml-security-c package

Sync xml-security-c 1.4.0-4 (universe) from Debian testing (main).

Bug #413583 reported by Michael Bienia on 2009-08-14

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	xml-security-c (Ubuntu)	Fix Released	Wishlist	Unassigned

Bug Description

Please sync xml-security-c 1.4.0-4 (universe) from Debian testing (main).

Changelog since current karmic version 1.4.0-3:

xml-security-c (1.4.0-4) unstable; urgency=high

  * CVE-2009-0217: Apply upstream patch to sanity-check the HMAC
    truncation length. Closes a vulnerability that could allow an
    attacker to spoof HMAC-based signatures and bypass authentication.
  * Remove duplicate section for libxml-security-c14.
  * Update standards version to 3.8.2 (no changes required).

-- Russ Allbery <email address hidden> Fri, 24 Jul 2009 15:02:55 -0700

CVE References

2009-0217

Michael Bienia (geser) on 2009-08-14

Changed in xml-security-c (Ubuntu):
importance:	Undecided → Wishlist
status:	New → Confirmed

Revision history for this message

Jamie Strandboge (jdstrand) wrote on 2009-08-15:

[Updating] xml-security-c (1.4.0-3 [Ubuntu] < 1.4.0-4 [Debian])
* Trying to add xml-security-c...
  - <xml-security-c_1.4.0.orig.tar.gz: already in distro - downloading from librarian>
  - <xml-security-c_1.4.0-4.dsc: downloading from http://ftp.debian.org/debian/>
  - <xml-security-c_1.4.0-4.diff.gz: downloading from http://ftp.debian.org/debian/>
I: xml-security-c [universe] -> libxml-security-c14_1.4.0-3 [universe].
I: xml-security-c [universe] -> libxml-security-c-dev_1.4.0-3 [universe].

Changed in xml-security-c (Ubuntu):
status:	Confirmed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntuxml-security-c package