TEMP-0913136-041770

NameTEMP-0913136-041770
DescriptionDSA verification crashes OpenSSL on invalid combinations of key content
SourceAutomatically generated temporary name. Not for external reference.
Debian Bugs913136

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
xml-security-c (PTS)jessie1.7.2-3vulnerable
jessie (security)1.7.2-3+deb8u2fixed
stretch (security), stretch1.7.3-4+deb9u1vulnerable
buster, sid2.0.2-3fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
xml-security-csource(unstable)2.0.2-2913136
xml-security-csourcejessie1.7.2-3+deb8u2

Notes

[stretch] - xml-security-c <no-dsa> (Minor issue; can be fixed via point release)
temporary entry for DLA-1594-1
https://issues.apache.org/jira/browse/SANTUARIO-496
patch 1/2: http://svn.apache.org/viewvc?view=revision&revision=1843562
patch 2/2: http://svn.apache.org/viewvc?view=revision&revision=1843566

Search for package or bug name: Reporting problems