santuario-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Cantor, Scott" <canto...@osu.edu>
Subject Apache Santuario C++ vulnerabilities / update
Date Tue, 18 Jun 2013 03:40:37 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

The Apache Santuario Project has released V1.7.1 of the XML-Security
C++ library to correct the following reported vulnerabilities:

http://santuario.apache.org/secadv.data/CVE-2013-2153.txt

http://santuario.apache.org/secadv.data/CVE-2013-2154.txt

http://santuario.apache.org/secadv.data/CVE-2013-2155.txt

http://santuario.apache.org/secadv.data/CVE-2013-2156.txt

All versions of the library prior to V1.7.1 are affected by
these issues.

The fixed release is immediately available from
http://santuario.apache.org/download.html

Patches applicable to older versions can also be obtained from
the advisories above.

Thank you to James Forshaw for reporting, and assisting to fix
and test, these issues.

- -- Scott Cantor,
on behalf of the Santuario Project

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (Darwin)

iQIcBAEBCgAGBQJRv9WkAAoJEDeLhFQCJ3liVmwP/j0sqBY+luh/X0VTEluRJdJs
+LanxUP1dSOt4XRGJdDRJh1/0QlhO33ilA2PPKO+eB1EX9PX/UOV36x16IkePWyz
12+SIhPI+YoWyRi42ir9JvSSeM9Ds0dQCdw7T8z5QIJUVdYbnoiXVLDq/X3WWIsO
W8ElA7gJTvZu6JDP56V3Kxl0sZdPOU8oYAi/3ndKs00tSB7v2HvLCPuj81IAcshu
glK3ZAVlxTZ52RxC3RHB/B2AmolaOUiXs33wSj2G1MQA58ZHZW+QoK9Edh3bZRnU
PP5H0dPjgLkjob8pLYRBdrrT08EIewD3eEGqKQP244h/pja48LRe/1olgeZEPuS8
DS9XBzMUr2uCQw15aZ8GFdf8LgWXCJrDSTiW+1seHgaI0YIhzZAX7csU8uJaqoGb
ZObY16+DEf25jcVW/1KFimTS//2jiQ5pw499VIV4d55KBKH3Ru0lWx7W04u78LML
RySeqr92UDeuQN1zVl7bGUF/wfOi70cIU4Ogok3pAF98cgc7w4IqQLTXlksr7aIb
Scter25npFcmehbYUjZTsU++isQFccHuCDg/rW6RDKxbfPIjJbchebAuYRLs6DDC
ah7E9HuKZxE/P+aa63pEbkhGu0yREGBoHdX6oMXbF9cGwNQggKvnQYNO+CAFWHzr
SS9vtKfvmZrsl/VZnSBh
=rFG4
-----END PGP SIGNATURE-----



Mime
View raw message