Package "xml-security-c"

  xml-security-c (1.6.1-1ubuntu0.1) precise-security; urgency=low

  * SECURITY UPDATE: (LP: #1192874).
    - Apply upstream patch to fix a spoofing vulnerability that allows an
      attacker to reuse existing signatures with arbitrary content.
      (CVE-2013-2153)
    - Apply upstream patch to fix a stack overflow in the processing of
      malformed XPointer expressions in the XML Signature Reference
      processing code. (CVE-2013-2154)
    - Apply upstream patch to fix processing of the output length of an
      HMAC-based XML Signature that could cause a denial of service when
      processing specially chosen input. (CVE-2013-2155)
    - Apply upstream patch to fix a heap overflow in the processing of the
      PrefixList attribute optionally used in conjunction with Exclusive
      Canonicalization, potentially allowing arbitrary code execution.
      (CVE-2013-2156)
  * SECURITY UPDATE: The attempted fix to address CVE-2013-2154 introduced
    the possibility of a heap overflow, possibly leading to arbitrary code
    execution, in the processing of malformed XPointer expressions in the
    XML Signature Reference processing code (LP: #1199969).
    - Apply upstream patch to fix that heap overflow. (CVE-2013-2210)
 -- Christian Biamont <email address hidden> Wed, 25 Sep 2013 10:27:27 +0200