Information on source package xml-security-c

Available versions

ReleaseVersion
jessie1.7.2-3
jessie (security)1.7.2-3+deb8u1
stretch (security)1.7.3-4+deb9u1
sid1.7.3-4+deb9u1

Open issues

BugjessiestretchsidDescription
TEMP-0913136-041770vulnerablevulnerablevulnerableDSA verification crashes OpenSSL on invalid combinations of key content

Resolved issues

BugDescription
TEMP-0905332-CB57BFDefault KeyInfo resolver doesn't check for empty element content.
CVE-2013-2210Heap-based buffer overflow in the XML Signature Reference ...
CVE-2013-2156Heap-based buffer overflow in the Exclusive Canonicalization ...
CVE-2013-2155Apache Santuario XML Security for C++ (aka xml-security-c) before ...
CVE-2013-2154Stack-based buffer overflow in the XML Signature Reference ...
CVE-2013-2153The XML digital signature functionality (xsec/dsig/DSIGReference.cpp) ...
CVE-2011-2516Off-by-one error in the XML signature feature in Apache XML Security ...
CVE-2009-0217The design of the W3C XML Signature Syntax and Processing (XMLDsig) ...

Security announcements

DSA / DLADescription
DLA-1458-1xml-security-c - security update
DSA-4265-1xml-security-c - security update
DSA-2717-1xml-security-c - heap overflow
DSA-2717-1xml-security-c - heap overflow
DSA-2710-1xml-security-c - several
DSA-2710-1xml-security-c - several
DSA-2277-1xml-security-c - buffer overflow
DSA-2277-1xml-security-c - buffer overflow
DSA-1849-1xml-security-c - signature forgery
DSA-1849-1xml-security-c - signature forgery

Search for package or bug name: Reporting problems