Package "xml-security-c"
Name: |
xml-security-c
|
Description: |
This package is just an umbrella for a group of other packages,
it has no description. Description samples from packages in group:
- C++ library for XML Digital Signatures (development)
- C++ library for XML Digital Signatures (runtime)
|
Latest version: |
1.6.1-1ubuntu0.1 |
Release: |
precise (12.04) |
Level: |
security |
Repository: |
universe |
Links
Other versions of "xml-security-c" in Precise
Packages in group
Deleted packages are displayed in grey.
Changelog
xml-security-c (1.6.1-1ubuntu0.1) precise-security; urgency=low
* SECURITY UPDATE: (LP: #1192874).
- Apply upstream patch to fix a spoofing vulnerability that allows an
attacker to reuse existing signatures with arbitrary content.
(CVE-2013-2153)
- Apply upstream patch to fix a stack overflow in the processing of
malformed XPointer expressions in the XML Signature Reference
processing code. (CVE-2013-2154)
- Apply upstream patch to fix processing of the output length of an
HMAC-based XML Signature that could cause a denial of service when
processing specially chosen input. (CVE-2013-2155)
- Apply upstream patch to fix a heap overflow in the processing of the
PrefixList attribute optionally used in conjunction with Exclusive
Canonicalization, potentially allowing arbitrary code execution.
(CVE-2013-2156)
* SECURITY UPDATE: The attempted fix to address CVE-2013-2154 introduced
the possibility of a heap overflow, possibly leading to arbitrary code
execution, in the processing of malformed XPointer expressions in the
XML Signature Reference processing code (LP: #1199969).
- Apply upstream patch to fix that heap overflow. (CVE-2013-2210)
-- Christian Biamont <email address hidden> Wed, 25 Sep 2013 10:27:27 +0200
|
1192874 |
heap overflow while processing InclusiveNamespace PrefixList |
1199969 |
Fix for CVE-2013-2154 introduced another possible heap overflow |
CVE-2013-2153 |
The XML digital signature functionality (xsec/dsig/DSIGReference.cpp) ... |
CVE-2013-2154 |
Stack-based buffer overflow in the XML Signature Reference ... |
CVE-2013-2155 |
Apache Santuario XML Security for C++ (aka xml-security-c) before ... |
CVE-2013-2156 |
Heap-based buffer overflow in the Exclusive Canonicalization ... |
CVE-2013-2210 |
Heap-based buffer overflow in the XML Signature Reference ... |
|
About
-
Send Feedback to @ubuntu_updates