Candidate: CVE-2013-2153
PublicDate: 2013-08-20 22:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2153
Description:
 The XML digital signature functionality (xsec/dsig/DSIGReference.cpp) in
 Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.1
 allows context-dependent attackers to reuse signatures and spoof arbitrary
 content via crafted Reference elements in the Signature, aka "XML Signature
 Bypass issue."
Ubuntu-Description:
Notes:
Bugs:
 https://bugs.launchpad.net/bugs/1192874
Priority: medium
Discovered-by: James Forshaw
Assigned-to:
CVSS: 


Patches_xml-security-c:
 vendor: http://www.debian.org/security/2013/dsa-2710
upstream_xml-security-c: released (1.6.1-6)
lucid_xml-security-c: released (1.5.1-3+squeeze2build0.10.04.1)
precise_xml-security-c: released (1.6.1-1ubuntu0.1)
quantal_xml-security-c: released (1.6.1-6~build0.12.10.1)
raring_xml-security-c: released (1.6.1-6~build0.13.04.1)
devel_xml-security-c: not-affected (1.6.1-6)