
Accepted xml-security-c 1.7.2-2~bpo70+1 (source i386)



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 17 Dec 2013 19:18:00 -0800
Source: xml-security-c
Binary: libxml-security-c17 libxml-security-c-dev xml-security-c-utils
Architecture: source i386
Version: 1.7.2-2~bpo70+1
Distribution: wheezy-backports
Urgency: high
Maintainer: Debian Shib Team <pkg-shibboleth-devel@lists.alioth.debian.org>
Changed-By: Russ Allbery <rra@debian.org>
Description: 
 libxml-security-c-dev - C++ library for XML Digital Signatures (development)
 libxml-security-c17 - C++ library for XML Digital Signatures (runtime)
 xml-security-c-utils - C++ library for XML Digital Signatures (utilities)
Closes: 682830 714241
Changes: 
 xml-security-c (1.7.2-2~bpo70+1) wheezy-backports; urgency=high
 .
   * Backport to stable.
 .
 xml-security-c (1.7.2-2) unstable; urgency=low
 .
   * Upload to unstable.
 .
 xml-security-c (1.7.2-1) experimental; urgency=high
 .
   * New upstream release.
     - The attempted fix to address CVE-2013-2154 introduced the
       possibility of a heap overflow, possibly leading to arbitrary code
       execution, in the processing of malformed XPointer expressions in
       the XML Signature Reference processing code.  Fix that heap
       overflow.  (Closes: #714241, CVE-2013-2210)
 .
 xml-security-c (1.7.1-1) experimental; urgency=high
 .
   * New upstream release.
     - Fix a spoofing vulnerability that allows an attacker to reuse
       existing signatures with arbitrary content.  (CVE-2013-2153)
     - Fix a stack overflow in the processing of malformed XPointer
       expressions in the XML Signature Reference processing code.
       (CVE-2013-2154)
     - Fix processing of the output length of an HMAC-based XML Signature
       that could cause a denial of service when processing specially
       chosen input.  (CVE-2013-2155)
     - Fix a heap overflow in the processing of the PrefixList attribute
       optionally used in conjunction with Exclusive Canonicalization,
       potentially allowing arbitrary code execution. (CVE-2013-2156)
     - Reduce entity expansion limits when parsing.
     - New --id option to the xenc-checksig utility.
   * Rename the binaries in the xml-security-c-utils package to start with
     xsec-* instead of xmlsec-*.  This reflects the common abbreviation
     used by the package.
 .
 xml-security-c (1.7.0-1) experimental; urgency=low
 .
   * New upstream release.
     - AES-GCM support.
     - XML Encryption 1.1 OAEP enhancements.
   * Increase versioned dependency on libssl-dev to ensure that we have
     AES-GCM support.  (This only matters for backports to squeeze.)
   * Mark libxml-security-c-dev as Multi-Arch: same.
   * Add new xml-security-c-utils package that contains the utility
     programs included with the library.  Rename the binaries to add
     "xmlsec-" to the beginning of the names, since some of the programs
     are otherwise rather generic.  Add man pages for each of the programs.
     (Closes: #682830)
   * Switch from autotools-dev to dh-autoreconf and regenerate the entire
     build system during the build, not just the config.guess and
     config.sub scripts, and add --as-needed.
   * Add -fPIE to hardening flags since we're now installing binaries.
   * Move single-debian-patch to local-options and patch-header to
     local-patch-header so that they only apply to the packages built from
     the canonical Git repository and NMUs get regular version-numbered
     patches.
   * Switch to xz compression for *.debian.tar and the *.deb packages.
   * Use canonical URLs for Vcs-Browser and Vcs-Git.
   * Update standards version to 3.9.4.
     - Update debian/copyright to specify copyright-format 1.0.
Files: 
 158ce8eafbc05def86a4ff9586a7b6f3 1873 libs extra xml-security-c_1.7.2-2~bpo70+1.dsc
 073b7a438469889d9421d3e9196ca519 12112 libs extra xml-security-c_1.7.2-2~bpo70+1.debian.tar.xz
 fee4eba09e8c2b11d256c0d3db5a51bb 290060 libs extra libxml-security-c17_1.7.2-2~bpo70+1_i386.deb
 11f7b4627dffbb62bac67cddcc26a73f 110900 libdevel extra libxml-security-c-dev_1.7.2-2~bpo70+1_i386.deb
 356ec789a1321b48f5c97ba0d93aed94 123822 utils extra xml-security-c-utils_1.7.2-2~bpo70+1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)

-----END PGP SIGNATURE-----

