Ubuntu
xml-security-c package

xml-security-c 1.6.1-1ubuntu0.1 source package in Ubuntu

Changelog

xml-security-c (1.6.1-1ubuntu0.1) precise-security; urgency=low

  * SECURITY UPDATE: (LP: #1192874).
    - Apply upstream patch to fix a spoofing vulnerability that allows an
      attacker to reuse existing signatures with arbitrary content.
      (CVE-2013-2153)
    - Apply upstream patch to fix a stack overflow in the processing of
      malformed XPointer expressions in the XML Signature Reference
      processing code. (CVE-2013-2154)
    - Apply upstream patch to fix processing of the output length of an
      HMAC-based XML Signature that could cause a denial of service when
      processing specially chosen input. (CVE-2013-2155)
    - Apply upstream patch to fix a heap overflow in the processing of the
      PrefixList attribute optionally used in conjunction with Exclusive
      Canonicalization, potentially allowing arbitrary code execution.
      (CVE-2013-2156)
  * SECURITY UPDATE: The attempted fix to address CVE-2013-2154 introduced
    the possibility of a heap overflow, possibly leading to arbitrary code
    execution, in the processing of malformed XPointer expressions in the
    XML Signature Reference processing code (LP: #1199969).
    - Apply upstream patch to fix that heap overflow. (CVE-2013-2210)
 -- Christian Biamont <email address hidden>   Wed, 25 Sep 2013 10:27:27 +0200

Upload details

Uploaded by:
Christian Biamont
Sponsored by:
Marc Deslauriers
Uploaded to:
Precise
Original maintainer:
Ubuntu Developers
Architectures:
any
Section:
libs
Urgency:
Low Urgency

See full publishing history Publishing

Series Pocket Published Component Section
Precise updates universe libs
Precise security universe libs

Downloads

File Size SHA-256 Checksum
xml-security-c_1.6.1.orig.tar.gz 844.1 KiB 73931a55d6925a82416ea48f8d6f1b8ed591368e1dfc30574fe43904b7c62fcd
xml-security-c_1.6.1-1ubuntu0.1.debian.tar.gz 11.3 KiB c04ecc1c84f564b59d19ffac033dcdae47e7c8d2b9c9181c262337627f8dff7b
xml-security-c_1.6.1-1ubuntu0.1.dsc 2.2 KiB be5b542b43e742a4125af7d90539cdb3849d888e763b5da47f24a7730f9cdcb0

View changes file

Binary packages built by this source

libxml-security-c-dev: C++ library for XML Digital Signatures (development)

 Apache XML Security for C++ is a library for the XML Digital Security
 specification. It provides processing and handling of XML Key Management
 Specifications (XKMS) messages.
 .
 This package contains the Apache XML Security for C++ development files.

libxml-security-c16: C++ library for XML Digital Signatures (runtime)

 Apache XML Security for C++ is a library for the XML Digital Security
 specification. It provides processing and handling of XML Key Management
 Specifications (XKMS) messages.
 .
 This package contains the files necessary for running applications that
 use the Apache XML Security for C++ library.