Fix for CVE-2013-2154 introduced another possible heap overflow
Bug #1199969 reported by Luke Faraone
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
xml-security-c (Ubuntu) | Fix Released | High | Unassigned |
Precise | Fix Released | Undecided | Unassigned |
Quantal | Fix Released | Undecided | Unassigned |
Raring | Fix Released | Undecided | Unassigned |
Saucy | Fix Released | High | Unassigned |
Bug Description
From the new CVE:
The attempted fix to address CVE-2013-2154 introduced the
possibility of a heap overflow, possibly leading to arbitrary code
execution, in the processing of malformed XPointer expressions in the
XML Signature Reference processing code.
Changed in xml-security-c (Ubuntu Raring):
status: Confirmed → Fix Committed
Changed in xml-security-c (Ubuntu Quantal):
status: Confirmed → Fix Committed
This was fixed in 1.6.1-7.