CVE-2009-0217

Name: CVE-2009-0217
Description: The design of the W3C XML Signature Syntax and Processing (XMLDsig) re ...
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
References: DSA-1849-1, DSA-1995-1, DTSA-205-1
Debian Bugs: 542210

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| mono (PTS) | stretch | 4.6.2.7+dfsg-1 | fixed |
| | buster | 5.18.0.240+dfsg-3 | fixed |
| | bullseye, sid | 6.8.0.105+dfsg-3 | fixed |
| xml-security-c (PTS) | stretch | 1.7.3-4+deb9u2 | fixed |
| | stretch (security) | 1.7.3-4+deb9u1 | fixed |
| | bullseye, sid, buster | 2.0.2-3 | fixed |
| xmlsec1 (PTS) | stretch | 1.2.23-0.1 | fixed |
| | buster | 1.2.27-2 | fixed |
| | bullseye, sid | 1.2.28-2 | fixed |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| mono | source | (unstable) | 2.4.2.3+dfsg-1 | | | |
| openjdk-6 | source | (unstable) | 6b16-1.6-1 | medium | | 542210 |
| openoffice.org | source | (unstable) | 1:3.1.1-16 | | | |
| openoffice.org | source | etch | 2.0.4.dfsg.2-7etch9 | | DSA-1995-1 | |
| openoffice.org | source | lenny | 1:2.4.1+dfsg-1+lenny6 | | DSA-1995-1 | |
| openoffice.org | source | squeeze | 1:3.1.1-15+squeeze1 | | DTSA-205-1 | |
| sun-java6 | source | (unstable) | 6-15-1 | | | |
| sun-java6 | source | lenny | 6-20-0lenny1 | | | |
| xml-security-c | source | (unstable) | 1.4.0-4 | | | |
| xml-security-c | source | etch | 1.2.1-3+etch1 | | DSA-1849-1 | |
| xml-security-c | source | lenny | 1.4.0-3+lenny2 | | DSA-1849-1 | |
| xmlsec1 | source | (unstable) | 1.2.12-1 | | | |

Notes

[lenny] - xmlsec1 <no-dsa> (Minor issue)
http://www.w3.org/QA/2009/07/hmac_truncation_in_xml_signatu.html
http://web.archive.org/web/20090124230233/http://anonsvn.mono-project.com:80/viewvc?view=rev
http://www.aleksey.com/xmlsec/download.html (1.2.12 has fix)
