Package "libxml-security-c-dev"
Name: |
libxml-security-c-dev
|
Description: |
C++ library for XML Digital Signatures (development)
|
Latest version: |
1.6.1-1ubuntu0.1 |
Release: |
precise (12.04) |
Level: |
security |
Repository: |
universe |
Head package: |
xml-security-c |
Homepage: |
http://santuario.apache.org/cindex.html |
Links
Download "libxml-security-c-dev"
Other versions of "libxml-security-c-dev" in Precise
Changelog
xml-security-c (1.6.1-1ubuntu0.1) precise-security; urgency=low
* SECURITY UPDATE: (LP: #1192874).
- Apply upstream patch to fix a spoofing vulnerability that allows an
attacker to reuse existing signatures with arbitrary content.
(CVE-2013-2153)
- Apply upstream patch to fix a stack overflow in the processing of
malformed XPointer expressions in the XML Signature Reference
processing code. (CVE-2013-2154)
- Apply upstream patch to fix processing of the output length of an
HMAC-based XML Signature that could cause a denial of service when
processing specially chosen input. (CVE-2013-2155)
- Apply upstream patch to fix a heap overflow in the processing of the
PrefixList attribute optionally used in conjunction with Exclusive
Canonicalization, potentially allowing arbitrary code execution.
(CVE-2013-2156)
* SECURITY UPDATE: The attempted fix to address CVE-2013-2154 introduced
the possibility of a heap overflow, possibly leading to arbitrary code
execution, in the processing of malformed XPointer expressions in the
XML Signature Reference processing code (LP: #1199969).
- Apply upstream patch to fix that heap overflow. (CVE-2013-2210)
-- Christian Biamont <email address hidden> Wed, 25 Sep 2013 10:27:27 +0200
|
1192874 |
heap overflow while processing InclusiveNamespace PrefixList |
1199969 |
Fix for CVE-2013-2154 introduced another possible heap overflow |
CVE-2013-2153 |
The XML digital signature functionality (xsec/dsig/DSIGReference.cpp) ... |
CVE-2013-2154 |
Stack-based buffer overflow in the XML Signature Reference ... |
CVE-2013-2155 |
Apache Santuario XML Security for C++ (aka xml-security-c) before ... |
CVE-2013-2156 |
Heap-based buffer overflow in the Exclusive Canonicalization ... |
CVE-2013-2210 |
Heap-based buffer overflow in the XML Signature Reference ... |
|
About
-
Send Feedback to @ubuntu_updates