Sync xml-security-c 1.4.0-4 (universe) from Debian testing (main).
Bug #413583 reported by
Michael Bienia
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
xml-security-c (Ubuntu) |
Fix Released
|
Wishlist
|
Unassigned |
Bug Description
Please sync xml-security-c 1.4.0-4 (universe) from Debian testing (main).
Changelog since current karmic version 1.4.0-3:
xml-security-c (1.4.0-4) unstable; urgency=high
* CVE-2009-0217: Apply upstream patch to sanity-check the HMAC
truncation length. Closes a vulnerability that could allow an
attacker to spoof HMAC-based signatures and bypass authentication.
* Remove duplicate section for libxml-
* Update standards version to 3.8.2 (no changes required).
-- Russ Allbery <email address hidden> Fri, 24 Jul 2009 15:02:55 -0700
CVE References
Changed in xml-security-c (Ubuntu): | |
importance: | Undecided → Wishlist |
status: | New → Confirmed |
To post a comment you must log in.
[Updating] xml-security-c (1.4.0-3 [Ubuntu] < 1.4.0-4 [Debian]) c_1.4.0. orig.tar. gz: already in distro - downloading from librarian> c_1.4.0- 4.dsc: downloading from http:// ftp.debian. org/debian/> c_1.4.0- 4.diff. gz: downloading from http:// ftp.debian. org/debian/> security- c14_1.4. 0-3 [universe]. security- c-dev_1. 4.0-3 [universe].
* Trying to add xml-security-c...
- <xml-security-
- <xml-security-
- <xml-security-
I: xml-security-c [universe] -> libxml-
I: xml-security-c [universe] -> libxml-