Posted to commits@santuario.apache.org by bu...@apache.org on 2013/06/04 18:23:57 UTC
svn commit: r864372 - in /websites/production/santuario/content:
cache/main.pageCache secadv.data/ secadv.data/CVE-2011-2516.txt secadv.html
Author: buildbot
Date: Tue Jun 4 16:23:48 2013
New Revision: 864372
Log:
Production update by buildbot for santuario
Added:
websites/production/santuario/content/secadv.data/
websites/production/santuario/content/secadv.data/CVE-2011-2516.txt
Modified:
websites/production/santuario/content/cache/main.pageCache
websites/production/santuario/content/secadv.html
Modified: websites/production/santuario/content/cache/main.pageCache
==============================================================================
Binary files - no diff available.
Added: websites/production/santuario/content/secadv.data/CVE-2011-2516.txt
==============================================================================
--- websites/production/santuario/content/secadv.data/CVE-2011-2516.txt (added)
+++ websites/production/santuario/content/secadv.data/CVE-2011-2516.txt Tue Jun 4 16:23:48 2013
@@ -0,0 +1,49 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+CVE-2011-2516: Apache Santuario XML Security for C++ contains buffer
+overflows signing or verifying with large keys.
+
+Severity: Important
+
+Vendor: The Apache Software Foundation
+
+Versions Affected: Apache Santuario XML Security for C++ library versions
+prior to V1.6.1
+
+Description: A buffer overflow exists when creating or verifying XML
+signatures with RSA keys of sizes on the order of 8192 or more bits.
+This typically results in a crash and denial of service in applications
+that verify signatures using keys that could be supplied by an attacker.
+
+Mitigation: Applications using library versions older than V1.6.1 should
+upgrade as soon as possible. Distributors of older versions should apply the
+patches from this subversion revision:
+
+http://svn.apache.org/viewvc?view=revision&revision=1125752
+
+Applications that can prevent the use of arbitrary keys supplied by an
+attacker (such as within the ds:KeyInfo element of a signature), or limit key
+sizes, may prevent the exploitation of this bug.
+
+Credit: This issue was reported by Paulo Zanoni.
+
+References: http://santuario.apache.org/
+
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.5 (GNU/Linux)
+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+=ULl5
+-----END PGP SIGNATURE-----
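Review bot: The Mitigation paragraph's "limit key sizes" advice gives no bound an integrator can act on, and the Description only says "on the order of 8192 or more bits". State the largest RSA key size known to be safe on versions prior to V1.6.1, or say explicitly that no safe bound has been established. The Description also describes the impact as "typically results in a crash and denial of service" without saying whether anything beyond a crash was assessed, which is the first thing a reader triaging a buffer overflow will look for. Since the text is clearsigned, any wording change means regenerating the signature block as well.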
Modified: websites/production/santuario/content/secadv.html
==============================================================================
--- websites/production/santuario/content/secadv.html (original)
+++ websites/production/santuario/content/secadv.html Tue Jun 4 16:23:48 2013
@@ -116,7 +116,7 @@ Apache Santuario -- secadv
<div class="wiki-content">
<div class="wiki-content maincontent"><p>The following security advisories have been issued in connection with the Santuario Project.</p>
-<ul><li><a shape="rect" class="external-link" href="http://santuario.apache.org/secadv/CVE-2011-2516.txt">CVE-2011-2516</a>: Apache Santuario XML Security for C++ contains buffer overflows signing or verifying with large keys.</li></ul>
+<ul><li><a shape="rect" href="secadv.data/CVE-2011-2516.txt?version=1&modificationDate=1370360230363">CVE-2011-2516</a>: Apache Santuario XML Security for C++ contains buffer overflows signing or verifying with large keys.</li></ul>
</div>
</div>
<!-- Content -->
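Review bot: The new href in the list item replaces the stable advisory URL http://santuario.apache.org/secadv/CVE-2011-2516.txt with a relative attachment path that carries "?version=1&modificationDate=1370360230363", so anything that already cites the old URL now depends on that path still being served, and the new link appears tied to one attachment version. Suggest keeping the old path available (served or redirected) and linking to it from secadv.html. The "&" in the new href is also not written as "&amp;", which is worth fixing in the generator if that is how it is emitted.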