Univention Bugzilla – Bug 47476
xml-security-c: Multiple issues (4.3)
Last modified: 2018-08-15 13:14:33 CEST
New Debian xml-security-c 1.7.3-4+deb9u1 fixes:
This update addresses the following issue(s):
* TEMP-0905332-CB57BF is resolved

1.7.3-4+deb9u1 (Fri, 03 Aug 2018 11:32:52 +0200)
* [93b87c6] New patch: Default KeyInfo resolver doesn't check for empty element content.
  The Apache Santuario XML Security for C++ library contained a number of code paths at risk of dereferencing null pointers when processing various kinds of malformed KeyInfo hints typically found in signed or encrypted XML. The usual effect is a crash, and in the case of the Shibboleth SP software, a crash in the shibd daemon.
  Upstream bug: https://issues.apache.org/jira/projects/SANTUARIO/issues/SANTUARIO-491
  CVE: not assigned yet
  Thanks to Scott Cantor
--- mirror/ftp/4.3/unmaintained/4.3-0/source/xml-security-c_1.7.3-4.dsc +++ apt/ucs_4.3-0-errata4.3-1/source/xml-security-c_1.7.3-4+deb9u1.dsc @@ -1,3 +1,17 @@ +1.7.3-4+deb9u1 [Fri, 03 Aug 2018 11:32:52 +0200] Ferenc Wágner <wferi@debian.org>: + + * [93b87c6] New patch: Default KeyInfo resolver doesn't check for empty + element content. + The Apache Santuario XML Security for C++ library contained a + number of code paths at risk of dereferencing null pointers when + processing various kinds of malformed KeyInfo hints typically found + in signed or encrypted XML. The usual effect is a crash, and in the + case of the Shibboleth SP software, a crash in the shibd daemon. + Upstream bug: + https://issues.apache.org/jira/projects/SANTUARIO/issues/SANTUARIO-491 + CVE: not assigned yet + Thanks to Scott Cantor (Closes: #905332) + 1.7.3-4 [Tue, 08 Nov 2016 21:52:45 +0100] Ferenc Wágner <wferi@debian.org>: [ Etienne Dysli Metref ] <http://10.200.17.11/4.3-1/#1835979338982077262>
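Review bot: The added changelog entry states "CVE: not assigned yet", so the only stable identifiers for this fix in the hunk are the upstream SANTUARIO-491 link and "Closes: #905332". The errata entry should reference those and be revisited once a CVE is assigned. The hunk also covers only the changelog text of the .dsc comparison, so the content of patch [93b87c6] (the empty-element-content check in the default KeyInfo resolver) cannot be reviewed from these lines; attaching or linking the patch itself would let the null-pointer fix be checked against the upstream change.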
OK: patches
OK: piuparts
OK: yaml
OK: errata-announce xml-security-c.yaml

[4.3-1] f4be5fcb1a fixup! Bug #47476: xml-security-c 1.7.3-4+deb9u1
 doc/errata/staging/xml-security-c.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

[4.3-1] cf6abe1af3 Bug #47476: xml-security-c 1.7.3-4+deb9u1
 doc/errata/staging/xml-security-c.yaml | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
<http://errata.software-univention.de/ucs/4.3/201.html>