-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Fri, 24 Jul 2009 16:34:29 -0700 Source: xml-security-c Binary: libxml-security-c-doc libxml-security-c-dev libxml-security-c12 Architecture: source i386 all Version: 1.2.1-3+etch1 Distribution: oldstable-security Urgency: high Maintainer: Quanah Gibson-Mount <quanah@stanford.edu> Changed-By: Russ Allbery <rra@debian.org> Description: libxml-security-c-dev - C++ library for XML Digital Signatures (development) libxml-security-c-doc - C++ library for XML Digital Signatures (documentation) libxml-security-c12 - C++ library for XML Digital Signatures (runtime) Changes: xml-security-c (1.2.1-3+etch1) oldstable-security; urgency=high . * CVE-2009-0217: Apply upstream patch to sanity-check the HMAC truncation length. Closes a vulnerability that could allow an attacker to spoof HMAC-based signatures and bypass authentication. Files: 7c376bd95337c43d4de11ea3a75a24f5 798 libs extra xml-security-c_1.2.1-3+etch1.dsc c8cfd893e0d13c08e6cdffc1b02d431c 2560698 libs extra xml-security-c_1.2.1.orig.tar.gz eee96ead16c0fe740d1e323bde905830 9397 libs extra xml-security-c_1.2.1-3+etch1.diff.gz 18d5996d062d21bd6af815c80bda5b1a 293276 libs extra libxml-security-c12_1.2.1-3+etch1_i386.deb b2a8f94634550d36369326943ed53baf 120864 libdevel extra libxml-security-c-dev_1.2.1-3+etch1_i386.deb ee0ffa05b1b60925e38f3fca562a08eb 1845748 doc extra libxml-security-c-doc_1.2.1-3+etch1_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkpvU3kACgkQ+YXjQAr8dHa6KgCcC6SMzsYBxNwZCVcXYIcCqeGf iyAAoNRHnlRdNX+LC2dcGWuEwcogSfe4 =paTU -----END PGP SIGNATURE----- Accepted: libxml-security-c-dev_1.2.1-3+etch1_i386.deb to pool/main/x/xml-security-c/libxml-security-c-dev_1.2.1-3+etch1_i386.deb libxml-security-c-doc_1.2.1-3+etch1_all.deb to pool/main/x/xml-security-c/libxml-security-c-doc_1.2.1-3+etch1_all.deb libxml-security-c12_1.2.1-3+etch1_i386.deb to pool/main/x/xml-security-c/libxml-security-c12_1.2.1-3+etch1_i386.deb xml-security-c_1.2.1-3+etch1.diff.gz to pool/main/x/xml-security-c/xml-security-c_1.2.1-3+etch1.diff.gz xml-security-c_1.2.1-3+etch1.dsc to pool/main/x/xml-security-c/xml-security-c_1.2.1-3+etch1.dsc