| Errata ID | 201 |
|---|---|
| Date | 2018-08-15 |
| Source package | xml-security-c |
| Fixed in version | 1.7.3-4+deb9u1 |
| Description | This update addresses the following issue: * Default KeyInfo resolver doesn't check for empty element content. The Apache Santuario XML Security for C++ library contained a number of code paths at risk of dereferencing null pointers when processing various kinds of malformed KeyInfo hints typically found in signed or encrypted XML. The usual effect is a crash, and in the case of the Shibboleth SP software, a crash in the shibd daemon. |
| Additional notes | |
| UCS Bug number | #47476 |
