Bug 2075

Summary: Official update request: xml-security-c, fixing CVE-2011-2516
Product: Mageia Reporter: Sander Lepik <mageia>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact:
Severity: normal    
Priority: Normal CC: jaanus.ojangu
Version: 1   
Target Milestone: ---   
Hardware: All   
OS: Linux   
URL: http://santuario.apache.org/secadv/CVE-2011-2516.txt
Whiteboard:
Source RPM: xml-security-c-1.6.0-1.mga1.src.rpm CVE:
Status comment:

Description Sander Lepik 2011-07-08 12:46:02 CEST 
Description for update:


A buffer overflow exists when creating or verifying XML signatures
with RSA keys of sizes on the order of 8192 or more bits. This typically results
in a crash and denial of service in applications that verify signatures using
keys that could be supplied by an attacker.


More info can be found from the added URL.
Comment 1 Sander Lepik 2011-07-08 13:47:52 CEST 
Package submitted into core/updates_testing.

Status: NEW => ASSIGNED
Assignee: sander.lepik => qa-bugs

Comment 2 Sander Lepik 2011-07-08 16:29:53 CEST 
Test on 64-bit system: tools that need this package are still working as expected.
Package installs w/o problems.
Comment 3 Ojangu 2011-07-08 20:50:48 CEST 
I test it on 32- bit system and it working normally, as expected

CC: (none) => jaanus.ojangu

Comment 4 Sander Lepik 2011-07-08 21:00:25 CEST 
IMHO this package is ready to move into updates.
Comment 5 Nicolas Vigier 2011-07-08 21:08:30 CEST 
pushed to updates.

Status: ASSIGNED => RESOLVED
CC: (none) => boklm
Resolution: (none) => FIXED

Nicolas Vigier 2014-05-08 18:04:43 CEST

CC: boklm => (none)