xml-security-c 1.6.1-7~build0.12.10.1 source package in Ubuntu

Changelog

xml-security-c (1.6.1-7~build0.12.10.1) quantal-security; urgency=low

  * fake sync from Debian

xml-security-c (1.6.1-7) unstable; urgency=high

  * The attempted fix to address CVE-2013-2154 introduced the possibility
    of a heap overflow, possibly leading to arbitrary code execution, in
    the processing of malformed XPointer expressions in the XML Signature
    Reference processing code.  Apply upstream patch to fix that heap
    overflow.  (Closes: #714241, CVE-2013-2210)

xml-security-c (1.6.1-6) unstable; urgency=high

  * Apply upstream patch to fix a spoofing vulnerability that allows an
    attacker to reuse existing signatures with arbitrary content.
    (CVE-2013-2153)
  * Apply upstream patch to fix a stack overflow in the processing of
    malformed XPointer expressions in the XML Signature Reference
    processing code.  (CVE-2013-2154)
  * Apply upstream patch to fix processing of the output length of an
    HMAC-based XML Signature that could cause a denial of service when
    processing specially chosen input.  (CVE-2013-2155)
  * Apply upstream patch to fix a heap overflow in the processing of the
    PrefixList attribute optionally used in conjunction with Exclusive
    Canonicalization, potentially allowing arbitrary code execution.
    (CVE-2013-2156)
 -- Jamie Strandboge <email address hidden>   Wed, 10 Jul 2013 16:14:24 -0500