Oval Definition:oval:org.mitre.oval:def:7932
Revision Date:2014-06-23Version:18
Title:DSA-1849 xml-security-c -- design flaw
Description:It was discovered that the W3C XML Signature recommendation contains a protocol-level vulnerability related to HMAC output truncation. This update implements the proposed workaround in the C++ version of the Apache implementation of this standard, xml-security-c, by preventing truncation to output strings shorter than 80 bits or half of the original HMAC output, whichever is greater.
Family:unixClass:patch
Status:ACCEPTEDReference(s):CVE-2009-0217
DSA-1849
Platform(s):Debian GNU/Linux 4.0
Debian GNU/Linux 5.0
Product(s):xml-security-c
Definition Synopsis
  • Release section
  • Debian GNU/Linux 5.0 is installed
  • AND Supported architectures section
  • Installed architecture is s390
  • OR Installed architecture is amd64
  • OR Installed architecture is sparc
  • OR Installed architecture is arm
  • OR Installed architecture is i386
  • OR Installed architecture is armel
  • OR Installed architecture is mips
  • OR Installed architecture is ia64
  • OR Installed architecture is alpha
  • OR Installed architecture is powerpc
  • OR Installed architecture is mipsel
  • OR Installed architecture is hppa
  • AND Packages section
  • libxml-security-c-dev is earlier than 1.4.0-3+lenny2
  • OR libxml-security-c14 is earlier than 1.4.0-3+lenny2
  • OR Release section
  • Debian GNU/Linux 4.0 is installed.
  • AND Architecture section
  • Architecture independent section
  • Installed architecture is all
  • AND libxml-security-c-doc is earlier than 1.2.1-3+etch1
  • OR libxml-security-c12 is earlier than 1.2.1-3+etch1
  • OR libxml-security-c-dev is earlier than 1.2.1-3+etch1
    • BACK