Release | Version |
---|---|
jessie | 1.7.2-3+deb8u2 |
stretch | 1.7.3-4+deb9u3 |
stretch (lts) | 1.7.3-4+deb9u1 |
buster | 2.0.2-3 |
bullseye | 2.0.2-4 |
bookworm | 2.0.4-2 |
trixie | 2.0.4-2 |
sid | 2.0.4-2 |
Bug | jessie | stretch | buster | bullseye | bookworm | trixie | sid | Description |
---|---|---|---|---|---|---|---|---|
CVE-2024-34580 | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable | vulnerable | vulnerable | vulnerable | Apache XML Security for C++ through 2.0.4 implements the XML Signature ... |
Bug | Description |
---|---|
TEMP-0913136-041770 | DSA verification crashes OpenSSL on invalid combinations of key content |
TEMP-0905332-CB57BF | Default KeyInfo resolver doesn't check for empty element content. |
CVE-2013-2210 | Heap-based buffer overflow in the XML Signature Reference functionalit ... |
CVE-2013-2156 | Heap-based buffer overflow in the Exclusive Canonicalization functiona ... |
CVE-2013-2155 | Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7. ... |
CVE-2013-2154 | Stack-based buffer overflow in the XML Signature Reference functionali ... |
CVE-2013-2153 | The XML digital signature functionality (xsec/dsig/DSIGReference.cpp) ... |
CVE-2011-2516 | Off-by-one error in the XML signature feature in Apache XML Security f ... |
CVE-2009-0217 | The design of the W3C XML Signature Syntax and Processing (XMLDsig) re ... |
DSA / DLA | Description |
---|---|
DLA-1594-1 | xml-security-c - security update |
DLA-1458-1 | xml-security-c - security update |
DSA-4265-1 | xml-security-c - security update |
DSA-2717-1 | xml-security-c - heap overflow |
DSA-2710-1 | xml-security-c - several |
DSA-2277-1 | xml-security-c - buffer overflow |
DSA-1849-1 | xml-security-c - signature forgery |