Search for packages
Package details: pkg:deb/debian/xml-security-c@1.7.2-2~bpo70%2B1
purl pkg:deb/debian/xml-security-c@1.7.2-2~bpo70%2B1
Next non-vulnerable version 1.7.3-4+deb9u3
Latest non-vulnerable version 1.7.3-4+deb9u3
Risk
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-99ug-9vqu-aaar
Aliases:
DSA-4265-1 xml-security-c
security update
1.7.3-4+deb9u3
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (5)
Vulnerability Summary Aliases
VCID-4b5y-cy9k-aaab Stack-based buffer overflow in the XML Signature Reference functionality (xsec/dsig/DSIGReference.cpp) in Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via malformed XPointer expressions, probably related to the DSIGReference::getURIBaseTXFM function. CVE-2013-2154
VCID-6hf3-hcc6-aaah Heap-based buffer overflow in the Exclusive Canonicalization functionality (xsec/canon/XSECC14n20010315.cpp) in Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PrefixList attribute. CVE-2013-2156
VCID-cxag-n2gz-aaae The XML digital signature functionality (xsec/dsig/DSIGReference.cpp) in Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.1 allows context-dependent attackers to reuse signatures and spoof arbitrary content via crafted Reference elements in the Signature, aka "XML Signature Bypass issue." CVE-2013-2153
VCID-fmtn-sbcs-aaas Heap-based buffer overflow in the XML Signature Reference functionality in Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.2 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via malformed XPointer expressions. NOTE: this is due to an incorrect fix for CVE-2013-2154. CVE-2013-2210
VCID-jacr-cwyc-aaam Apache Santuario XML Security for C++ (aka xml-security-c) before 1.7.1 does not properly validate length values, which allows remote attackers to cause a denial of service or bypass the CVE-2009-0217 protection mechanism and spoof a signature via crafted length values to the (1) compareBase64StringToRaw, (2) DSIGAlgorithmHandlerDefault, or (3) DSIGAlgorithmHandlerDefault::verify functions. CVE-2013-2155

Date Actor Action Vulnerability Source VulnerableCode Version
2025-06-21T19:11:51.265135+00:00 Debian Oval Importer Fixing VCID-6hf3-hcc6-aaah https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.3
2025-06-21T18:58:11.084884+00:00 Debian Oval Importer Fixing VCID-cxag-n2gz-aaae https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.3
2025-06-21T18:57:02.317274+00:00 Debian Oval Importer Fixing VCID-jacr-cwyc-aaam https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.3
2025-06-21T16:41:00.355964+00:00 Debian Oval Importer Fixing VCID-jacr-cwyc-aaam https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T16:22:39.649253+00:00 Debian Oval Importer Fixing VCID-4b5y-cy9k-aaab https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T16:19:47.548548+00:00 Debian Oval Importer Fixing VCID-fmtn-sbcs-aaas https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T15:30:39.204633+00:00 Debian Oval Importer Fixing VCID-6hf3-hcc6-aaah https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T13:42:16.286436+00:00 Debian Oval Importer Fixing VCID-cxag-n2gz-aaae https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T10:48:44.768932+00:00 Debian Oval Importer Affected by VCID-99ug-9vqu-aaar https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.1.3
2025-06-21T00:45:27.448049+00:00 Debian Oval Importer Fixing VCID-jacr-cwyc-aaam None 36.1.3
2025-06-20T23:58:55.052235+00:00 Debian Oval Importer Fixing VCID-6hf3-hcc6-aaah None 36.1.3
2025-06-20T23:36:16.674157+00:00 Debian Oval Importer Fixing VCID-fmtn-sbcs-aaas None 36.1.3
2025-06-20T23:06:51.635065+00:00 Debian Oval Importer Fixing VCID-4b5y-cy9k-aaab None 36.1.3
2025-06-20T22:56:10.152429+00:00 Debian Oval Importer Fixing VCID-cxag-n2gz-aaae None 36.1.3
2025-06-20T19:56:26.190131+00:00 Debian Oval Importer Affected by VCID-99ug-9vqu-aaar None 36.1.3
2025-06-08T11:40:43.786247+00:00 Debian Oval Importer Fixing VCID-6hf3-hcc6-aaah https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T11:27:34.063637+00:00 Debian Oval Importer Fixing VCID-cxag-n2gz-aaae https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T11:26:28.277221+00:00 Debian Oval Importer Fixing VCID-jacr-cwyc-aaam https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T09:26:29.504289+00:00 Debian Oval Importer Fixing VCID-jacr-cwyc-aaam https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T09:08:43.546446+00:00 Debian Oval Importer Fixing VCID-4b5y-cy9k-aaab https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T09:06:00.772219+00:00 Debian Oval Importer Fixing VCID-fmtn-sbcs-aaas https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T08:25:12.440572+00:00 Debian Oval Importer Fixing VCID-6hf3-hcc6-aaah https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T06:36:29.620049+00:00 Debian Oval Importer Fixing VCID-cxag-n2gz-aaae https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T04:24:49.956248+00:00 Debian Oval Importer Affected by VCID-99ug-9vqu-aaar https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.1.0
2025-06-07T18:07:59.420696+00:00 Debian Oval Importer Fixing VCID-jacr-cwyc-aaam None 36.1.0
2025-06-07T17:21:48.111867+00:00 Debian Oval Importer Fixing VCID-6hf3-hcc6-aaah None 36.1.0
2025-06-07T16:59:12.316317+00:00 Debian Oval Importer Fixing VCID-fmtn-sbcs-aaas None 36.1.0
2025-06-07T16:30:01.531257+00:00 Debian Oval Importer Fixing VCID-4b5y-cy9k-aaab None 36.1.0
2025-06-07T16:19:27.356677+00:00 Debian Oval Importer Fixing VCID-cxag-n2gz-aaae None 36.1.0
2025-06-07T13:46:44.604080+00:00 Debian Oval Importer Affected by VCID-99ug-9vqu-aaar None 36.1.0
2025-04-12T20:48:23.477773+00:00 Debian Oval Importer Fixing VCID-4b5y-cy9k-aaab https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T20:07:53.952905+00:00 Debian Oval Importer Fixing VCID-fmtn-sbcs-aaas https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T17:25:26.301894+00:00 Debian Oval Importer Fixing VCID-6hf3-hcc6-aaah https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T17:11:45.260514+00:00 Debian Oval Importer Fixing VCID-cxag-n2gz-aaae https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T17:10:37.582690+00:00 Debian Oval Importer Fixing VCID-jacr-cwyc-aaam https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-08T07:58:50.636889+00:00 Debian Oval Importer Fixing VCID-jacr-cwyc-aaam https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T07:40:34.324943+00:00 Debian Oval Importer Fixing VCID-4b5y-cy9k-aaab https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T07:37:46.199329+00:00 Debian Oval Importer Fixing VCID-fmtn-sbcs-aaas https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T06:56:33.389256+00:00 Debian Oval Importer Fixing VCID-6hf3-hcc6-aaah https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T05:08:49.746988+00:00 Debian Oval Importer Fixing VCID-cxag-n2gz-aaae https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T02:54:44.560253+00:00 Debian Oval Importer Affected by VCID-99ug-9vqu-aaar https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2 36.0.0
2025-04-07T16:45:10.888806+00:00 Debian Oval Importer Fixing VCID-jacr-cwyc-aaam None 36.0.0
2025-04-07T15:55:52.027228+00:00 Debian Oval Importer Fixing VCID-6hf3-hcc6-aaah None 36.0.0
2025-04-07T15:32:22.718618+00:00 Debian Oval Importer Fixing VCID-fmtn-sbcs-aaas None 36.0.0
2025-04-07T15:01:58.846971+00:00 Debian Oval Importer Fixing VCID-4b5y-cy9k-aaab None 36.0.0
2025-04-07T14:51:06.342292+00:00 Debian Oval Importer Fixing VCID-cxag-n2gz-aaae None 36.0.0
2025-04-07T12:21:52.891785+00:00 Debian Oval Importer Affected by VCID-99ug-9vqu-aaar None 36.0.0
2024-12-30T16:11:36.443752+00:00 Debian Oval Importer Fixing VCID-6hf3-hcc6-aaah https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 35.0.0
2024-12-30T13:02:04.335381+00:00 Debian Oval Importer Fixing VCID-jacr-cwyc-aaam https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 35.0.0
2024-12-30T09:54:59.670473+00:00 Debian Oval Importer Fixing VCID-4b5y-cy9k-aaab https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 35.0.0
2024-12-30T09:52:37.181081+00:00 Debian Oval Importer Fixing VCID-cxag-n2gz-aaae https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 35.0.0
2024-10-15T08:27:30.053773+00:00 Debian Oval Importer Fixing VCID-fmtn-sbcs-aaas https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.2
2024-10-15T07:30:55.275265+00:00 Debian Oval Importer Fixing VCID-6hf3-hcc6-aaah https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.2
2024-10-15T07:28:38.644270+00:00 Debian Oval Importer Fixing VCID-jacr-cwyc-aaam https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.2
2024-10-15T07:26:22.213094+00:00 Debian Oval Importer Fixing VCID-4b5y-cy9k-aaab https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.2
2024-10-15T07:24:58.907849+00:00 Debian Oval Importer Fixing VCID-cxag-n2gz-aaae https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.2
2024-10-05T06:08:50.880204+00:00 Debian Oval Importer Fixing VCID-fmtn-sbcs-aaas https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.1
2024-10-05T05:25:07.351007+00:00 Debian Oval Importer Fixing VCID-6hf3-hcc6-aaah https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.1
2024-10-05T05:23:17.255484+00:00 Debian Oval Importer Fixing VCID-jacr-cwyc-aaam https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.1
2024-10-05T05:21:24.703024+00:00 Debian Oval Importer Fixing VCID-4b5y-cy9k-aaab https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.1
2024-10-05T05:20:20.032587+00:00 Debian Oval Importer Fixing VCID-cxag-n2gz-aaae https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.1