Candidate: CVE-2013-2210
PublicDate: 2013-08-20 22:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2210
 http://santuario.apache.org/secadv.data/CVE-2013-2210.txt
Description:
 Heap-based buffer overflow in the XML Signature Reference functionality in
 Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.2
 allows context-dependent attackers to cause a denial of service (crash) and
 possibly execute arbitrary code via malformed XPointer expressions.  NOTE:
 this is due to an incorrect fix for CVE-2013-2154.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=714241
 https://bugs.launchpad.net/ubuntu/+source/xml-security-c/+bug/1199969
Priority: medium
Discovered-by: Jon Erickson
Assigned-to:
CVSS: 

Patches_xml-security-c:
 upstream: http://svn.apache.org/viewvc?view=revision&revision=r1496703
upstream_xml-security-c: released (1.6.1-7, 1.7.2)
lucid_xml-security-c: ignored (reached end-of-life)
precise_xml-security-c: released (1.6.1-1ubuntu0.1)
quantal_xml-security-c: released (1.6.1-7~build0.12.10.1)
raring_xml-security-c: released (1.6.1-7~build0.13.04.1)
devel_xml-security-c: not-affected (1.6.1-7)