TEMP-0913136-041770

NameTEMP-0913136-041770
DescriptionDSA verification crashes OpenSSL on invalid combinations of key content
SourceAutomatically generated temporary name. Not for external reference.
Debian Bugs913136

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
xml-security-c (PTS)jessie, jessie (lts)1.7.2-3+deb8u2fixed
stretch1.7.3-4+deb9u3fixed
stretch (security), stretch (lts)1.7.3-4+deb9u1vulnerable
buster2.0.2-3fixed
bullseye2.0.2-4fixed
sid, trixie, bookworm2.0.4-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
xml-security-csourcewheezy(unfixed)end-of-life
xml-security-csourcejessie1.7.2-3+deb8u2
xml-security-csourcestretch1.7.3-4+deb9u2
xml-security-csource(unstable)2.0.2-2913136

Notes

temporary entry for DLA-1594-1
https://issues.apache.org/jira/browse/SANTUARIO-496
patch 1/2: http://svn.apache.org/r1843562
patch 2/2: http://svn.apache.org/r1843566
Search for package or bug name: Reporting problems