debian/1.7.3-4+deb9u2 · Tags · Shibboleth Team / xml-security-c

debian/1.7.3-4+deb9u2
ff8baaf3 · Update changelog for 1.7.3-4+deb9u2 release · Jan 12, 2020
xml-security-c Debian release 1.7.3-4+deb9u2

Format: 1.8
Date: Mon, 10 Dec 2018 11:45:41 +0100
Source: xml-security-c
Binary: libxml-security-c17v5 libxml-security-c-dev xml-security-c-utils
Architecture: source
Version: 1.7.3-4+deb9u2
Distribution: stretch
Urgency: medium
Maintainer: Debian Shib Team <pkg-shibboleth-devel@lists.alioth.debian.org>
Changed-By: Ferenc Wágner <wferi@debian.org>
Description:
 libxml-security-c-dev - C++ library for XML Digital Signatures (development)
 libxml-security-c17v5 - C++ library for XML Digital Signatures (runtime)
 xml-security-c-utils - C++ library for XML Digital Signatures (utilities)
Closes: 913136
Changes:
 xml-security-c (1.7.3-4+deb9u2) stretch; urgency=medium
 .
   * [12dd825] New patches: DSA verification crashes OpenSSL on invalid
     combinations of key content.
     Particular KeyInfo combinations result in incomplete DSA key structures
     that OpenSSL can't handle without crashing.  In the case of Shibboleth
     SP software this manifests as a crash in the shibd daemon.  Exploitation
     is believed to be possible only in deployments employing the PKIX trust
     engine, which is generally recommended against.
     The upstream patches backported from 2.0.2 apply analogous safeguards to
     the RSA and ECDSA key handling as well.
     Upstream bug: https://issues.apache.org/jira/browse/SANTUARIO-496
     CVE: not assigned
     Thanks to Scott Cantor (Closes: #913136)
Checksums-Sha1:
 2c639df51781cdf4e80d85e4fa209d773924ec97 2336 xml-security-c_1.7.3-4+deb9u2.dsc
 6a3639388f0753a6609e9e73185f7c8f5b51123f 44616 xml-security-c_1.7.3-4+deb9u2.debian.tar.xz
 f46ec85984a85d3d566af9dee7c12299c5bbc8b8 8227 xml-security-c_1.7.3-4+deb9u2_amd64.buildinfo
Checksums-Sha256:
 16a9ef4bc97669f983a2a6a55b8c1ec72411626e8703679040ec9284744613a0 2336 xml-security-c_1.7.3-4+deb9u2.dsc
 32857112f5e7f9749942bb3dda48b95e0ebf2dd641eb9d722a05df91bd154db3 44616 xml-security-c_1.7.3-4+deb9u2.debian.tar.xz
 26b9c4e41efc2d2f750ee4659f9981f1e6219226d46d35b9e6d156e7307ac0f8 8227 xml-security-c_1.7.3-4+deb9u2_amd64.buildinfo
Files:
 a8a3f91717e40cc211f2d98238dfa741 2336 libs extra xml-security-c_1.7.3-4+deb9u2.dsc
 09f9989d01f25072fc9ae346c9229695 44616 libs extra xml-security-c_1.7.3-4+deb9u2.debian.tar.xz
 eb6d896be8ed30de26512aeca464e662 8227 libs extra xml-security-c_1.7.3-4+deb9u2_amd64.buildinfo