VulnerableCode Package Details - pkg:deb/debian/xmlsec1@1.3.9-1?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-12cg-us37-xbh8	This GLSA contains notification of vulnerabilities found in several Gentoo packages which have been fixed prior to January 1, 2012. The worst of these vulnerabilities could lead to local privilege escalation and remote code execution. Please see the package list and CVE identifiers below for more information.	CVE-2011-1425
VCID-k6xx-j2uv-67a9	xmlsec1: xmlsec vulnerable to external entity expansion	CVE-2017-1000061
VCID-xzye-g5rw-fyh5	Multiple vulnerabilities have been found in GraphicsMagick, allowing remote attackers to execute arbitrary code or cause a Denial of Service condition.	CVE-2009-3736
VCID-z7ht-bq8z-3qgd	XML signature HMAC truncation authentication bypass This package uses a parameter that defines an HMAC truncation length (`HMACOutputLength`) but does not require a minimum for this length, which allows attackers to spoof HMAC-based signatures and bypass authentication by specifying a truncation length with a small number of bits.	CVE-2009-0217 GHSA-8hfm-837h-hjg5

Vulnerability

Summary

Aliases

VCID-12cg-us37-xbh8

This GLSA contains notification of vulnerabilities found in several Gentoo packages which have been fixed prior to January 1, 2012. The worst of these vulnerabilities could lead to local privilege escalation and remote code execution. Please see the package list and CVE identifiers below for more information.

CVE-2011-1425

VCID-k6xx-j2uv-67a9

xmlsec1: xmlsec vulnerable to external entity expansion

CVE-2017-1000061

VCID-xzye-g5rw-fyh5

Multiple vulnerabilities have been found in GraphicsMagick, allowing remote attackers to execute arbitrary code or cause a Denial of Service condition.

CVE-2009-3736

VCID-z7ht-bq8z-3qgd

XML signature HMAC truncation authentication bypass This package uses a parameter that defines an HMAC truncation length (`HMACOutputLength`) but does not require a minimum for this length, which allows attackers to spoof HMAC-based signatures and bypass authentication by specifying a truncation length with a small number of bits.

CVE-2009-0217
GHSA-8hfm-837h-hjg5

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T13:21:59.735205+00:00	Debian Importer	Fixing	VCID-12cg-us37-xbh8	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T13:07:53.281367+00:00	Debian Importer	Fixing	VCID-xzye-g5rw-fyh5	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:34:15.585391+00:00	Debian Importer	Fixing	VCID-z7ht-bq8z-3qgd	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:54:59.777856+00:00	Debian Importer	Fixing	VCID-k6xx-j2uv-67a9	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T09:12:52.816373+00:00	Debian Importer	Fixing	VCID-12cg-us37-xbh8	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T09:01:53.053784+00:00	Debian Importer	Fixing	VCID-xzye-g5rw-fyh5	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:08:24.536488+00:00	Debian Importer	Fixing	VCID-z7ht-bq8z-3qgd	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T06:38:10.371949+00:00	Debian Importer	Fixing	VCID-k6xx-j2uv-67a9	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-03T07:58:44.883997+00:00	Debian Importer	Fixing	VCID-k6xx-j2uv-67a9	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:58:44.841740+00:00	Debian Importer	Fixing	VCID-12cg-us37-xbh8	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:58:44.792427+00:00	Debian Importer	Fixing	VCID-xzye-g5rw-fyh5	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:58:44.743431+00:00	Debian Importer	Fixing	VCID-z7ht-bq8z-3qgd	https://security-tracker.debian.org/tracker/data/json	38.1.0