ECDSA XML signature generation segmentation fault
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
xml-security-c (Ubuntu) | Fix Released | Medium | Eduardo Barretto |
Bionic | New | Medium | Unassigned |
Bug Description
We found a bug in Apache Santuario C, related to ECDSA signature generation, a few years ago. We provided the fix to the Apache team, and Scott Cantor kindly accepted the fix in the project. However, the fix was introduced in series 2.x of the library.
The fix we provided was for version 1.7.x (xml-security-c17) found in Ubuntu 14.04, and it looks like Ubuntu 18.04 is still including a version from series 1.7.x. Our products go through certification processes where using source code without patches is something very well seen.
We are interested in exploring the possibility of starting a communication with the Ubuntu maintainers team, in order to request including some patches or version upgrades in libraries we are contributing to and using in products based on Ubuntu minimal 14.04 and 18.04.
The commit with the fix for the bug can be found here:
summary:
- ECDSA signature generation segmentation fault
+ ECDSA XML signature generation segmentation fault
information type: Public → Public Security
Changed in xml-security-c (Ubuntu):
assignee: nobody → Eduardo dos Santos Barretto (ebarretto)
tags: added: bionic trusty xenial
Changed in xml-security-c (Ubuntu):
status: New → Fix Released
importance: Undecided → Medium
Changed in xml-security-c (Ubuntu Bionic):
importance: Undecided → Medium
Changed in xml-security-c (Ubuntu):
assignee: Eduardo dos Santos Barretto (ebarretto) → nobody
Changed in xml-security-c (Ubuntu):
assignee: nobody → Eduardo dos Santos Barretto (ebarretto)
status: Fix Released → New
Changed in xml-security-c (Ubuntu):
status: New → In Progress
Changed in xml-security-c (Ubuntu):
status: In Progress → Fix Released
Here is the debdiff in case it could help the maintainers to solve the bug.