Launchpad CVE tracker

CVE 2013-2153

The XML digital signature functionality (xsec/dsig/DSIGReference.cpp) in Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.1 allows context-dependent attackers to reuse signatures and spoof arbitrary content via crafted Reference elements in the Signature, aka "XML Signature Bypass issue."

Related bugs and status

CVE-2013-2153 (Candidate) is related to these bugs:

Bug #1192874: heap overflow while processing InclusiveNamespace PrefixList

		In	Importance	Status
1192874	heap overflow while processing InclusiveNamespace PrefixList	xml-security-c (Ubuntu)	Undecided	Fix Released
1192874	heap overflow while processing InclusiveNamespace PrefixList	xml-security-c (Ubuntu Precise)	Undecided	Fix Released
1192874	heap overflow while processing InclusiveNamespace PrefixList	xml-security-c (Ubuntu Quantal)	Undecided	Fix Released
1192874	heap overflow while processing InclusiveNamespace PrefixList	xml-security-c (Ubuntu Raring)	Undecided	Fix Released
1192874	heap overflow while processing InclusiveNamespace PrefixList	xml-security-c (Ubuntu Saucy)	Undecided	Fix Released

Bug #1199969: Fix for CVE-2013-2154 introduced another possible heap overflow

		In	Importance	Status
1199969	Fix for CVE-2013-2154 introduced another possible heap overflow	xml-security-c (Ubuntu)	High	Fix Released
1199969	Fix for CVE-2013-2154 introduced another possible heap overflow	xml-security-c (Ubuntu Precise)	Undecided	Fix Released
1199969	Fix for CVE-2013-2154 introduced another possible heap overflow	xml-security-c (Ubuntu Quantal)	Undecided	Fix Released
1199969	Fix for CVE-2013-2154 introduced another possible heap overflow	xml-security-c (Ubuntu Raring)	Undecided	Fix Released
1199969	Fix for CVE-2013-2154 introduced another possible heap overflow	xml-security-c (Ubuntu Saucy)	High	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2013-2153

References