-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Mon, 17 Jun 2013 21:27:58 -0700 Source: xml-security-c Binary: libxml-security-c17 libxml-security-c-dev xml-security-c-utils Architecture: source i386 Version: 1.7.1-1 Distribution: experimental Urgency: high Maintainer: Debian Shib Team <pkg-shibboleth-devel@lists.alioth.debian.org> Changed-By: Russ Allbery <rra@debian.org> Description: libxml-security-c-dev - C++ library for XML Digital Signatures (development) libxml-security-c17 - C++ library for XML Digital Signatures (runtime) xml-security-c-utils - C++ library for XML Digital Signatures (utilities) Changes: xml-security-c (1.7.1-1) experimental; urgency=high . * New upstream release. - Fix a spoofing vulnerability that allows an attacker to reuse existing signatures with arbitrary content. (CVE-2013-2153) - Fix a stack overflow in the processing of malformed XPointer expressions in the XML Signature Reference processing code. (CVE-2013-2154) - Fix processing of the output length of an HMAC-based XML Signature that could cause a denial of service when processing specially chosen input. (CVE-2013-2155) - Fix a heap overflow in the processing of the PrefixList attribute optionally used in conjunction with Exclusive Canonicalization, potentially allowing arbitrary code execution. (CVE-2013-2156) - Reduce entity expansion limits when parsing. - New --id option to the xenc-checksig utility. * Rename the binaries in the xml-security-c-utils package to start with xsec-* instead of xmlsec-*. This reflects the common abbreviation used by the package. Checksums-Sha1: 6aa4f945d377372be46b4a313a4c7036de2ef4d2 1841 xml-security-c_1.7.1-1.dsc 4253f691fe2cde5bc4a3bdf557b9566eb1c769e6 875367 xml-security-c_1.7.1.orig.tar.gz 17b6ddbfc01e507dc46e3aa8ea0c162f6bc4016e 11932 xml-security-c_1.7.1-1.debian.tar.xz a9ed8e54e7ea498519004332ba9c05a590aea94b 286096 libxml-security-c17_1.7.1-1_i386.deb 53bf31f135735dc1a4e77f770583ddca139f0158 110762 libxml-security-c-dev_1.7.1-1_i386.deb a8919b98311177acd6d011286a857eaa5504ca69 122612 xml-security-c-utils_1.7.1-1_i386.deb Checksums-Sha256: d140e13cf5532181cf7c35bf89c996e450ebec2afa8ddc4fb935edb3d90597f2 1841 xml-security-c_1.7.1-1.dsc 3d306660702d620b30605627f970b90667ed967211a8fc26b3243e6d3abeb32e 875367 xml-security-c_1.7.1.orig.tar.gz 096a7a3231e6aa0f2d22ae40adf608230fb336bed205d3d808a079249c4470a5 11932 xml-security-c_1.7.1-1.debian.tar.xz 16fc6f7e41f35b6874c51cdbc4053c8e421c4f3547af5c43968344be1425e382 286096 libxml-security-c17_1.7.1-1_i386.deb 5a1a70565ff675ab9ffd45792529ff14bf72aab1154e644df828183bf2def0dd 110762 libxml-security-c-dev_1.7.1-1_i386.deb 0fbdbc4c908b5c24983889885f851f7b923ba8ed36eef68da03b62d10f617697 122612 xml-security-c-utils_1.7.1-1_i386.deb Files: c34494db2e81cf2e81b733ee29bc6e2c 1841 libs extra xml-security-c_1.7.1-1.dsc cce922e188afcd557636c53c58113bae 875367 libs extra xml-security-c_1.7.1.orig.tar.gz 1ac3f4939b70531398384f2dbca5a9a0 11932 libs extra xml-security-c_1.7.1-1.debian.tar.xz d4dab530ca022ed3d43b47804ad0c21b 286096 libs extra libxml-security-c17_1.7.1-1_i386.deb 47eb510cb43054bf6269f34adb641325 110762 libdevel extra libxml-security-c-dev_1.7.1-1_i386.deb e181455bc78dfd4e05288f82138d1128 122612 utils extra xml-security-c-utils_1.7.1-1_i386.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAEBCAAGBQJRv+PwAAoJEH2AMVxXNt51DsMIAL3a+IKok/U2ptMsKMRrAtU6 +EKQ1c6PcaZn9r1rTslQq1dR4R4542iHZli3aZ6nl/lUywNaze8tHU9J82EQkjtP Afnwb0w9ibDECx9kOGl00kLyWUoH9TROMKNz5Ywl89gou9CfLcOE9u1fLzdlqhzY AWqjfm9URM4LKyEQZKk3XKDEZU1RCo/PBM8PrMB9GwC0f80dztj4cP/2hu0r1zPp ukictis+buhxrs8qcbTEWLg9v5HTvpf/4ThJKf7juci3xkQn7v+oHV5lNV7rEU+S O8xGb3GhLiTHtsa2Rsjh8lF/PWTeu3D6yJoMy06kZyBHWuVdyf+BZWZE8MtbKgs= =GJ5+ -----END PGP SIGNATURE-----