TEMP-0913136-041770

NameTEMP-0913136-041770
DescriptionDSA verification crashes OpenSSL on invalid combinations of key content
SourceAutomatically generated temporary name. Not for external reference.
Debian Bugs913136

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
xml-security-c (PTS)jessie1.7.2-3vulnerable
jessie (security)1.7.2-3+deb8u2fixed
stretch1.7.3-4+deb9u2fixed
stretch (security)1.7.3-4+deb9u1vulnerable
bullseye, sid, buster2.0.2-3fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
xml-security-csource(unstable)2.0.2-2913136
xml-security-csourcejessie1.7.2-3+deb8u2
xml-security-csourcestretch1.7.3-4+deb9u2

Notes

temporary entry for DLA-1594-1
https://issues.apache.org/jira/browse/SANTUARIO-496
patch 1/2: http://svn.apache.org/r1843562
patch 2/2: http://svn.apache.org/r1843566

Search for package or bug name: Reporting problems