Format: 1.8
Date: Mon, 17 Jun 2013 22:32:25 -0700
Source: xml-security-c
Binary: libxml-security-c15 libxml-security-c-dev
Architecture: source i386
Version: 1.5.1-3+squeeze2
Distribution: oldstable-security
Urgency: high
Maintainer: Debian Shib Team <pkg-shibboleth-devel@lists.alioth.debian.org>
Changed-By: Russ Allbery <rra@debian.org>
Description:
 libxml-security-c-dev - C++ library for XML Digital Signatures (development)
 libxml-security-c15 - C++ library for XML Digital Signatures (runtime)
Changes:
 xml-security-c (1.5.1-3+squeeze2) oldstable-security; urgency=high
 .
   * Apply upstream patch to fix a spoofing vulnerability that allows an
     attacker to reuse existing signatures with arbitrary content.
     (CVE-2013-2153)
   * Apply upstream patch to fix a stack overflow in the processing of
     malformed XPointer expressions in the XML Signature Reference
     processing code.  (CVE-2013-2154)
   * Apply upstream patch to fix processing of the output length of an
     HMAC-based XML Signature that could cause a denial of service when
     processing specially chosen input.  (CVE-2013-2155)
   * Apply upstream patch to fix a heap overflow in the processing of
     the PrefixList attribute optionally used in conjunction with
     Exclusive Canonicalization, potentially allowing arbitrary code
     execution.  (CVE-2013-2156)
Files:
 1670 libs extra xml-security-c_1.5.1-3+squeeze2.dsc
 11409 libs extra xml-security-c_1.5.1-3+squeeze2.diff.gz
 353826 libs extra libxml-security-c15_1.5.1-3+squeeze2_i386.deb
 141818 libdevel extra libxml-security-c-dev_1.5.1-3+squeeze2_i386.deb