Bug 2075 - Official update request: xml-security-c, fixing CVE-2011-2516
Summary: Official update request: xml-security-c, fixing CVE-2011-2516
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 1
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact:
URL: http://santuario.apache.org/secadv/CV...
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2011-07-08 12:46 CEST by Sander Lepik
Modified: 2014-05-08 18:04 CEST (History)
1 user (show)

See Also:
Source RPM: xml-security-c-1.6.0-1.mga1.src.rpm
CVE:
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Sander Lepik 2011-07-08 12:46:02 CEST 
Description for update:


A buffer overflow exists when creating or verifying XML signatures
with RSA keys of sizes on the order of 8192 or more bits. This typically results
in a crash and denial of service in applications that verify signatures using
keys that could be supplied by an attacker.


More info can be found from the added URL.
Comment 1 Sander Lepik 2011-07-08 13:47:52 CEST 
Package submitted into core/updates_testing.

Status: NEW => ASSIGNED
Assignee: sander.lepik => qa-bugs

Comment 2 Sander Lepik 2011-07-08 16:29:53 CEST 
Test on 64-bit system: tools that need this package are still working as expected.
Package installs w/o problems.
Comment 3 Ojangu 2011-07-08 20:50:48 CEST 
I test it on 32- bit system and it working normally, as expected

CC: (none) => jaanus.ojangu

Comment 4 Sander Lepik 2011-07-08 21:00:25 CEST 
IMHO this package is ready to move into updates.
Comment 5 Nicolas Vigier 2011-07-08 21:08:30 CEST 
pushed to updates.

Status: ASSIGNED => RESOLVED
CC: (none) => boklm
Resolution: (none) => FIXED

Nicolas Vigier 2014-05-08 18:04:43 CEST

CC: boklm => (none)
Note You need to log in before you can comment on or make changes to this bug.