Debian Security Advisory

DSA-4265-1 xml-security-c -- security update

Date Reported:
05 Aug 2018
Affected Packages:
xml-security-c
Vulnerable:
Yes
Security database references:
No other external database security references currently available.
More information:

It was discovered that the Apache XML Security for C++ library performed insufficient validation of KeyInfo hints, which could result in denial of service via NULL pointer dereferences when processing malformed XML data.

For the stable distribution (stretch), this problem has been fixed in version 1.7.3-4+deb9u1.

We recommend that you upgrade your xml-security-c packages.

For the detailed security status of xml-security-c please refer to its security tracker page at: https://security-tracker.debian.org/tracker/xml-security-c