Posted to commits@santuario.apache.org by bu...@apache.org on 2013/06/04 18:23:57 UTC

svn commit: r864372 - in /websites/production/santuario/content: cache/main.pageCache secadv.data/ secadv.data/CVE-2011-2516.txt secadv.html

Author: buildbot
Date: Tue Jun  4 16:23:48 2013
New Revision: 864372

Log:
Production update by buildbot for santuario

Added:
    websites/production/santuario/content/secadv.data/
    websites/production/santuario/content/secadv.data/CVE-2011-2516.txt
Modified:
    websites/production/santuario/content/cache/main.pageCache
    websites/production/santuario/content/secadv.html

Modified: websites/production/santuario/content/cache/main.pageCache
==============================================================================
Binary files - no diff available.

Added: websites/production/santuario/content/secadv.data/CVE-2011-2516.txt
==============================================================================
--- websites/production/santuario/content/secadv.data/CVE-2011-2516.txt (added)
+++ websites/production/santuario/content/secadv.data/CVE-2011-2516.txt Tue Jun  4 16:23:48 2013
@@ -0,0 +1,49 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+CVE-2011-2516: Apache Santuario XML Security for C++ contains buffer
+overflows signing or verifying with large keys.
+
+Severity: Important
+
+Vendor: The Apache Software Foundation
+
+Versions Affected: Apache Santuario XML Security for C++ library versions
+prior to V1.6.1
+
+Description: A buffer overflow exists when creating or verifying XML
+signatures with RSA keys of sizes on the order of 8192 or more bits.
+This typically results in a crash and denial of service in applications
+that verify signatures using keys that could be supplied by an attacker.
+
+Mitigation: Applications using library versions older than V1.6.1 should
+upgrade as soon as possible. Distributors of older versions should apply the
+patches from this subversion revision:
+
+http://svn.apache.org/viewvc?view=revision&revision=1125752
+
+Applications that can prevent the use of arbitrary keys supplied by an
+attacker (such as within the ds:KeyInfo element of a signature), or limit key
+sizes, may prevent the exploitation of this bug.
+
+Credit: This issue was reported by Paulo Zanoni.
+
+References: http://santuario.apache.org/
+
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.5 (GNU/Linux)
+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+=ULl5
+-----END PGP SIGNATURE-----
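Review bot: The mitigation paragraph ending "or limit key sizes" gives no bound that an operator can actually enforce, and the description only says "on the order of 8192 or more bits". State the largest RSA key size that versions before V1.6.1 are known to handle safely, or say plainly that no safe threshold was established, so that deployments unable to upgrade immediately know what limit to configure. Because the text is clearsigned, any wording change has to be re-signed before it is published.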

Modified: websites/production/santuario/content/secadv.html
==============================================================================
--- websites/production/santuario/content/secadv.html (original)
+++ websites/production/santuario/content/secadv.html Tue Jun  4 16:23:48 2013
@@ -116,7 +116,7 @@ Apache Santuario -- secadv
            <div class="wiki-content">
 <div class="wiki-content maincontent"><p>The following security advisories have been issued in connection with the Santuario Project.</p>
 
-<ul><li><a shape="rect" class="external-link" href="http://santuario.apache.org/secadv/CVE-2011-2516.txt">CVE-2011-2516</a>: Apache Santuario XML Security for C++ contains buffer overflows signing or verifying with large keys.</li></ul>
+<ul><li><a shape="rect" href="secadv.data/CVE-2011-2516.txt?version=1&amp;modificationDate=1370360230363">CVE-2011-2516</a>: Apache Santuario XML Security for C++ contains buffer overflows signing or verifying with large keys.</li></ul>
 </div>
            </div>
            <!-- Content -->
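Review bot: The new href on the "+" line (secadv.data/CVE-2011-2516.txt?version=1&amp;modificationDate=1370360230363) bakes export-time query parameters into the link to a signed advisory and replaces the earlier absolute address http://santuario.apache.org/secadv/CVE-2011-2516.txt. Advisory URLs get cited externally, so link to a stable path without the version and modificationDate parameters, and check that the old /secadv/ address still resolves (a redirect or a copy) so that existing references to the advisory do not break.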