| Release | Version |
|---|---|
| jessie | 1.7.2-3+deb8u2 |
| stretch | 1.7.3-4+deb9u3 |
| stretch (lts) | 1.7.3-4+deb9u1 |
| buster | 2.0.2-3 |
| bullseye | 2.0.2-4 |
| bookworm | 2.0.4-2 |
| trixie | 2.0.4-2 |
| sid | 2.0.4-2 |
| Bug | jessie | stretch | buster | bullseye | bookworm | trixie | sid | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-34580 | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable (no DSA, postponed) | vulnerable | vulnerable | vulnerable | vulnerable | Apache XML Security for C++ through 2.0.4 implements the XML Signature ... |
| Bug | Description |
|---|---|
| TEMP-0913136-041770 | DSA verification crashes OpenSSL on invalid combinations of key content |
| TEMP-0905332-CB57BF | Default KeyInfo resolver doesn't check for empty element content. |
| CVE-2013-2210 | Heap-based buffer overflow in the XML Signature Reference functionalit ... |
| CVE-2013-2156 | Heap-based buffer overflow in the Exclusive Canonicalization functiona ... |
| CVE-2013-2155 | Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7. ... |
| CVE-2013-2154 | Stack-based buffer overflow in the XML Signature Reference functionali ... |
| CVE-2013-2153 | The XML digital signature functionality (xsec/dsig/DSIGReference.cpp) ... |
| CVE-2011-2516 | Off-by-one error in the XML signature feature in Apache XML Security f ... |
| CVE-2009-0217 | The design of the W3C XML Signature Syntax and Processing (XMLDsig) re ... |
| DSA / DLA | Description |
|---|---|
| DLA-1594-1 | xml-security-c - security update |
| DLA-1458-1 | xml-security-c - security update |
| DSA-4265-1 | xml-security-c - security update |
| DSA-2717-1 | xml-security-c - heap overflow |
| DSA-2710-1 | xml-security-c - several |
| DSA-2277-1 | xml-security-c - buffer overflow |
| DSA-1849-1 | xml-security-c - signature forgery |