-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4265-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff August 05, 2018 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : xml-security-c CVE ID : not yet available It was discovered that the Apache XML Security for C++ library performed insufficient validation of KeyInfo hints, which could result in denial of service via NULL pointer dereferences when processing malformed XML data. For the stable distribution (stretch), this problem has been fixed in version 1.7.3-4+deb9u1. We recommend that you upgrade your xml-security-c packages. For the detailed security status of xml-security-c please refer to its security tracker page at: https://security-tracker.debian.org/tracker/xml-security-c Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAltm1AIACgkQEMKTtsN8 Tja0GA//bsWN1u/r1xwKb3hXH/skHWikiRxmsuswssu84fo/gvtVOkgahnBdtnae PfNoX25g0WJc7NHH+4P0ehOUIxX4Sypm4IWg2/gX6N3SWuut3D+/WF6tobT+7kha bldJ8ZVqISp5Ss36PmH2TnMIBZ7z43XRpShtC2k43qQz1JMfXgslilBKivQcd4Gw 88tGTMdJbyjc7GvOsrgZw/VphR69c3Fe9hW2x1G3Lasd7kV7/ugZDSt34x/R1Ylp 0nC2rFukc698osMBWcxze1FeyBbAraf4cTAZHCexy8Yo74JZeIu2oeirkre4hZqM SzaWJmp0GEru73Y/mJbssMvsE9N5IDm83AD7kz72pyi1Bcaw2axQ4MwuSYKKveiE YsLdAhTXKksvsuQSbP+msKQJEvscrCq/uYzULwqvKcUj3r+AWIzBNzJQVSMG8cad o1GpUfBYabMWzTd2KoX5nBT/WBhtt+KRgH3rdUZZjnsZfUHPcRW8g/esNT5q1pIv h+uFPjXJ/1t0pPKEWc4BgKo9mQbUri4mrrj9azbEWPGeFuWUAQJ6w92Jp+UyKhN3 A3UCAcCsIvlqT4dab1v3FRR2+1GkOTZjB64TuKO9UBGOFjwo5hWxqCTeGKLikwNH yk82xoyaugszGzInkjXaTouIwWw0Bn0JRw5bbWYbvAaupmoWV5A=ItMu -----END PGP SIGNATURE-----