wss4j (1.6.15-2) unstable; urgency=medium * Fixed security issues (Closes: #777741): - CVE-2015-0227: WSS4J is still vulnerable to Bleichenbacher's attack (incomplete fix for CVE-2011-2487) - CVE-2015-0226: WSS4J doesn't correctly enforce the requireSignedEncryptedDataElements property * Standards-Version updated to 3.9.6 (no changes) -- Emmanuel Bourg <email address hidden> Thu, 12 Feb 2015 09:11:29 +0100