-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Mon, 17 Jun 2013 22:25:32 -0700 Source: xml-security-c Binary: libxml-security-c16 libxml-security-c-dev Architecture: source i386 Version: 1.6.1-5+deb7u1 Distribution: stable-security Urgency: high Maintainer: Debian Shib Team <pkg-shibboleth-devel@lists.alioth.debian.org> Changed-By: Russ Allbery <rra@debian.org> Description: libxml-security-c-dev - C++ library for XML Digital Signatures (development) libxml-security-c16 - C++ library for XML Digital Signatures (runtime) Changes: xml-security-c (1.6.1-5+deb7u1) stable-security; urgency=high . * Apply upstream patch to fix a spoofing vulnerability that allows an attacker to reuse existing signatures with arbitrary content. (CVE-2013-2153) * Apply upstream patch to fix a stack overflow in the processing of malformed XPointer expressions in the XML Signature Reference processing code. (CVE-2013-2154) * Apply upstream patch to fix processing of the output length of an HMAC-based XML Signature that could cause a denial of service when processing specially chosen input. (CVE-2013-2155) * Apply upstream patch to fix a heap overflow in the processing of the PrefixList attribute optionally used in conjunction with Exclusive Canonicalization, potentially allowing arbitrary code execution. (CVE-2013-2156) Checksums-Sha1: 672c4fe4d84e7a242039fce066dd0e48270db1b8 1813 xml-security-c_1.6.1-5+deb7u1.dsc 239304659752eb214f3516b6c457c99f0e6467c7 864366 xml-security-c_1.6.1.orig.tar.gz e02663825c4d0a2fe7eec4213debf7ec4f394054 11874 xml-security-c_1.6.1-5+deb7u1.debian.tar.gz 58d74341079e57ef9f70e54c6507c1205716855c 375248 libxml-security-c16_1.6.1-5+deb7u1_i386.deb 50b76eba534719931db9a90ca71c70964b562cd9 151234 libxml-security-c-dev_1.6.1-5+deb7u1_i386.deb Checksums-Sha256: 30c8e9b3c4080a46128eaa1f180ffb923205c2be7787909a17d78a82b5cd9484 1813 xml-security-c_1.6.1-5+deb7u1.dsc 73931a55d6925a82416ea48f8d6f1b8ed591368e1dfc30574fe43904b7c62fcd 864366 xml-security-c_1.6.1.orig.tar.gz 92d65c29ca6c41c79261ded82d2678efb79981aff2e138f41643acb0bb475639 11874 xml-security-c_1.6.1-5+deb7u1.debian.tar.gz d094000713051e96172328fad12d450e3c994240b63032e92101e4c6b0e52f32 375248 libxml-security-c16_1.6.1-5+deb7u1_i386.deb 0014888e3a485f34986aeae43832a9a1c97b85f0bdff4fd8d14d1ca28c4a2127 151234 libxml-security-c-dev_1.6.1-5+deb7u1_i386.deb Files: 774319332f2f8881d79d18d99a407c84 1813 libs extra xml-security-c_1.6.1-5+deb7u1.dsc 808316c80a7453b6d50a0bceb7ebe9bc 864366 libs extra xml-security-c_1.6.1.orig.tar.gz 1395788da13ab0999ebdd2dfab74e73a 11874 libs extra xml-security-c_1.6.1-5+deb7u1.debian.tar.gz e7678e819e9f964c703e9961bc595f23 375248 libs extra libxml-security-c16_1.6.1-5+deb7u1_i386.deb eb14d6a5a5c59d0f111f5533c49118a5 151234 libdevel extra libxml-security-c-dev_1.6.1-5+deb7u1_i386.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAEBCAAGBQJRv/CfAAoJEH2AMVxXNt51dIUH/20gzEXtzDU8F4zBjX53D7Rz 3m9BTjIfs4f0KldFSnj6JKSS3zxbTHWJy+8rHyjNq6xaw6pFEFeSRisxoI+JZTHp VNmKSFYG10hMauPtXHp0lEVsAYyxiRe55JdMv8VHXy1Q+wJf209ydwO0aKbabOti IVtGuAV87Vtauq+hluDGYMEU2iFWvC0F+StPyJS1StyqoCKBPN97ZvgdzHPQeTYh dDOEHoCjmXRW1iEyhXHd/gBI0Jb9jmjPKVdSOSy+4xBDZP3D6qGIDaXxMSvvPHmL FMvb2GCkCWkSX/GoHGg4usQThkxtHlU7KqSuZnT8jclZR+o9qGzlsKquEYCFHiA= =BSqf -----END PGP SIGNATURE-----