Debian Linux Security Advisory 2710-1 - James Forshaw from Context Information Security discovered several vulnerabilities in xml-security-c, an implementation of the XML Digital Security specification.
9115a6092e44a563c15e997a4b11c3f9292f19c14422c4354bf87e64e409defa
A bug exists in the processing of the output length of an HMAC-based XML Signature that would cause a denial of service when processing specially chosen input. Exploitation of this issue does not require authenticated content. In very unusual cases, inputs could be chosen in such a way that the fix for the issue in CVE-2009-0217 could be bypassed, enabling improper verification of a signature. Versions prior to 1.7.1 are affected.
4ed699c9710bffc9e07a34e7f30bd97e55b2305af63662dc2f499d685d727662