277875 – [sunrise overlay] dev-libs/xml-security-c XML signature HMAC truncation authentication bypass (CVE-2009-0217)

Bug 277875 - [sunrise overlay] dev-libs/xml-security-c XML signature HMAC truncation authentication bypass (CVE-2009-0217)

Summary: [sunrise overlay] dev-libs/xml-security-c XML signature HMAC truncation authe...

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	New packages (show other bugs)
Hardware:	All Linux

Importance:	High normal (vote)
Assignee:	Thomas Beierlein

URL:	http://svn.apache.org/viewvc?view=rev...
Whiteboard:
Keywords:

Depends on:	CVE-2009-0217
Blocks:	89076
	Show dependency tree

Reported:	2009-07-15 00:52 UTC by Robert Buchholz (RETIRED)
Modified:	2009-07-16 06:06 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Robert Buchholz (RETIRED) gentoo-dev

2009-07-15 00:52:36 UTC

+++ This bug was initially created as a clone of Bug #277872 +++

Please see the blocker for vulnerability details.

Patch: http://svn.apache.org/viewvc?view=rev&revision=794017

Note that since the ebuild is in an overlay, the Security Team will not be tracking this issue via our usual procedures. This is a regular sunrise herd bug.

Comment 1 Thomas Beierlein gentoo-dev

2009-07-16 06:06:22 UTC

Fixed. Thanks for reporting.