[Bug 413583] [NEW] Sync xml-security-c 1.4.0-4 (universe) from Debian testing (main).

Michael Bienia michael at bienia.de
Fri Aug 14 13:39:45 BST 2009


Public bug reported:

Please sync xml-security-c 1.4.0-4 (universe) from Debian testing
(main).

Changelog since current karmic version 1.4.0-3:

xml-security-c (1.4.0-4) unstable; urgency=high

  * CVE-2009-0217: Apply upstream patch to sanity-check the HMAC
    truncation length.  Closes a vulnerability that could allow an
    attacker to spoof HMAC-based signatures and bypass authentication.
  * Remove duplicate section for libxml-security-c14.
  * Update standards version to 3.8.2 (no changes required).

 -- Russ Allbery <rra at debian.org>  Fri, 24 Jul 2009 15:02:55 -0700

** Affects: xml-security-c (Ubuntu)
     Importance: Wishlist
         Status: Confirmed

** Changed in: xml-security-c (Ubuntu)
   Importance: Undecided => Wishlist

** Changed in: xml-security-c (Ubuntu)
       Status: New => Confirmed

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2009-0217

-- 
Sync xml-security-c 1.4.0-4 (universe) from Debian testing (main).
https://bugs.launchpad.net/bugs/413583
You received this bug notification because you are a member of Ubuntu
Package Archive Administrators, which is a direct subscriber.


