Information on source package xml-security-c

Available versions

ReleaseVersion
jessie1.7.2-3+deb8u2
stretch1.7.3-4+deb9u3
stretch (lts)1.7.3-4+deb9u1
buster2.0.2-3
bullseye2.0.2-4
bookworm2.0.4-2
trixie2.0.4-2
sid2.0.4-2

Open issues

BugjessiestretchbusterbullseyebookwormtrixiesidDescription
CVE-2024-34580vulnerable (no DSA, postponed)vulnerable (no DSA, postponed)vulnerable (no DSA, postponed)vulnerablevulnerablevulnerablevulnerableApache XML Security for C++ through 2.0.4 implements the XML Signature ...

Resolved issues

BugDescription
TEMP-0913136-041770DSA verification crashes OpenSSL on invalid combinations of key content
TEMP-0905332-CB57BFDefault KeyInfo resolver doesn't check for empty element content.
CVE-2013-2210Heap-based buffer overflow in the XML Signature Reference functionalit ...
CVE-2013-2156Heap-based buffer overflow in the Exclusive Canonicalization functiona ...
CVE-2013-2155Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7. ...
CVE-2013-2154Stack-based buffer overflow in the XML Signature Reference functionali ...
CVE-2013-2153The XML digital signature functionality (xsec/dsig/DSIGReference.cpp) ...
CVE-2011-2516Off-by-one error in the XML signature feature in Apache XML Security f ...
CVE-2009-0217The design of the W3C XML Signature Syntax and Processing (XMLDsig) re ...

Security announcements

DSA / DLADescription
DLA-1594-1xml-security-c - security update
DLA-1458-1xml-security-c - security update
DSA-4265-1xml-security-c - security update
DSA-2717-1xml-security-c - heap overflow
DSA-2710-1xml-security-c - several
DSA-2277-1xml-security-c - buffer overflow
DSA-1849-1xml-security-c - signature forgery

Search for package or bug name: Reporting problems