Debian Linux Security Advisory 2717-1 - Jon Erickson of iSIGHT Partners Labs discovered a heap overflow in xml-security-c, an implementation of the XML Digital Security specification. The fix to address CVE-2013-2154 introduced the possibility of a heap overflow in the processing of malformed XPointer expressions in the XML Signature Reference processing code, possibly leading to arbitrary code execution.
725b2cb7a37e030f1ad6211488f3d9519ceec802f0dec6c149a6cb4feddff9d9