[SECURITY] [DLA 1594-1] xml-security-c security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 1594-1] xml-security-c security update
From: Thorsten Alteholz <debian@alteholz.de>
Date: Sat, 24 Nov 2018 23:31:39 +0100 (CET)
Message-id: <[🔎] alpine.DEB.2.20.1811242325001.24607@jupiter.server.alteholz.net>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : xml-security-c
Version        : 1.7.2-3+deb8u2

A vulnerability in xml-security-c, a library for the XML Digital Securityspecification, has been found. Different KeyInfo combinations, likesignatures without public key, result in incomplete DSA structures thatcrash openssl during verification.


This vulnerability does not have a CVE identifier yet.


For Debian 8 "Jessie", this problem has been fixed in version
1.7.2-3+deb8u2.

We recommend that you upgrade your xml-security-c packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAlv50UtfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEfbxQ/8CNpgy/XJ5O7XGO8tda4yzlMUHV3os/vFzMLWbl6iV0jncLtgzs//ObwD
K3hCbwaULnP1oHpu/8DBRlJffPmvKLwbN0ZhU1iSpCQ9APMbjW2S5CBq9jowMEav
QPhaqKe+e4v7sua8LyQVyT1yEiqnHCoIkbrBqSoQRzILvKMz7eD0l+XhgBz3R05n
gdlI0MzWuvWHIijnfAvlqb/zf1mDvlrDuydBOvBQ3qVgfx53rUB2C9i3avMchi/r
0SsZfnjQxMu0C18qoRC800Stk3P+zjyFEoDGR2hGcz4YTn9soYC58jEGQMqU6Ub8
XlxFuQLlhsfQGEjwwTCmrI2HXxY5p8flcXtVeCpphlYeGhsR5Uj4pfpfqEoRy/nA
xEcOd/kSlOanJ9RGPP+1d+iT7D/M/mDHZcOn5Py44q8nd8QnMR0sJHqYzhXuqwYo
PoyldbMKb4s+Zjgmke2SLu9rLmvU1hAeVLJjocTJpDToxgnkNw3mzAO1imp1Y8h6
+5rVZ9UGPB92UsEo9WEFvNn2HrQ0CP+RwU11lvMVp+oKw1H+QafCgTR5cB0uOqfV
uhJL2IVIRPPlU3dwJlBUO2/akN/BjzwuPgSoOI06Ds0kr1bmMtJKFtZs2Rm+zKm5
+CU7TJY5/zuZnM2oHdVEqLdL08WjIlt88fGQanjut4GBaKvTbkU=
=kxbW
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 1593-1] phpbb3 security update
Next by Date: [SECURITY] [DLA 1595-1] gnuplot5 security update
Previous by thread: [SECURITY] [DLA 1593-1] phpbb3 security update
Next by thread: [SECURITY] [DLA 1595-1] gnuplot5 security update
Index(es):
- Date
- Thread