debian/1.7.3-4+deb9u1 · Tags · Shibboleth Team / xml-security-c

debian/1.7.3-4+deb9u1
10b1653f · Update changelog for 1.7.3-4+deb9u1 release · Aug 03, 2018
xml-security-c Debian release 1.7.3-4+deb9u1

Format: 1.8
Date: Fri,  3 Aug 2018 14:30:43 CEST
Source: xml-security-c
Binary: libxml-security-c17v5 libxml-security-c-dev xml-security-c-utils
Architecture: source
Version: 1.7.3-4+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Debian Shib Team <pkg-shibboleth-devel@lists.alioth.debian.org>
Changed-By: Ferenc Wágner <wferi@debian.org>
Description:
 libxml-security-c-dev - C++ library for XML Digital Signatures (development)
 libxml-security-c17v5 - C++ library for XML Digital Signatures (runtime)
 xml-security-c-utils - C++ library for XML Digital Signatures (utilities)
Closes: 905332
Changes:
 xml-security-c (1.7.3-4+deb9u1) stretch-security; urgency=high
 .
   * [93b87c6] New patch: Default KeyInfo resolver doesn't check for empty
     element content.
     The Apache Santuario XML Security for C++ library contained a
     number of code paths at risk of dereferencing null pointers when
     processing various kinds of malformed KeyInfo hints typically found
     in signed or encrypted XML. The usual effect is a crash, and in the
     case of the Shibboleth SP software, a crash in the shibd daemon.
     Upstream bug:
       https://issues.apache.org/jira/projects/SANTUARIO/issues/SANTUARIO-491
     CVE: not assigned yet
     Thanks to Scott Cantor (Closes: #905332)
Checksums-Sha256:
 1b1228439b760703062e60a6daee033dacf293a95a5feba1a81c7c6d6c873ea4 2336 xml-security-c_1.7.3-4+deb9u1.dsc
 73879fa0f820ef06ae3663ff40232abdb9f8ed51a07ea43ab934bac7d9dfafc3 43404 xml-security-c_1.7.3-4+deb9u1.debian.tar.xz
 e5226e7319d44f6fd9147a13fb853f5c711b9e75bf60ec273a0ef8a190592583 909320 xml-security-c_1.7.3.orig.tar.gz
Checksums-Sha1:
 ce52525c4d6b986ab5ef5ddce7255c0d694b22f7 2336 xml-security-c_1.7.3-4+deb9u1.dsc
 4c20d812dcfdea3dc0c475dc627e66b1300a941f 43404 xml-security-c_1.7.3-4+deb9u1.debian.tar.xz
 bcbe98e0bd3695a0b961a223cce53e2f35c4681b 909320 xml-security-c_1.7.3.orig.tar.gz
Files:
 8ef958f00a785116827955dd242dbae2 2336 libs extra xml-security-c_1.7.3-4+deb9u1.dsc
 544a5a74d240da600efe85dc30efa9b2 43404 libs extra xml-security-c_1.7.3-4+deb9u1.debian.tar.xz
 481a0f29d1b6e898da79f80dbbf7b05b 909320 libs extra xml-security-c_1.7.3.orig.tar.gz