Candidate: CVE-2013-2155
PublicDate: 2013-08-20 22:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2155
Description:
 Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.1
 does not properly validate length values, which allows remote attackers to
 cause a denial of service or bypass the CVE-2009-0217 protection mechanism
 and spoof a signature via crafted length values to the (1)
 compareBase64StringToRaw, (2) DSIGAlgorithmHandlerDefault, or (3)
 DSIGAlgorithmHandlerDefault::verify functions.
Ubuntu-Description:
Notes:
Bugs:
 https://bugs.launchpad.net/bugs/1192874
Priority: medium
Discovered-by: James Forshaw
Assigned-to:
CVSS: 

Patches_xml-security-c:
 vendor: http://www.debian.org/security/2013/dsa-2710
upstream_xml-security-c: released (1.6.1-6)
lucid_xml-security-c: released (1.5.1-3+squeeze2build0.10.04.1)
precise_xml-security-c: released (1.6.1-1ubuntu0.1)
quantal_xml-security-c: released (1.6.1-6~build0.12.10.1)
raring_xml-security-c: released (1.6.1-6~build0.13.04.1)
devel_xml-security-c: not-affected (1.6.1-6)