Bug 694167

Summary: CVE-2009-0217 xmlsec1, mono, xml-security-c, xml-security-1.3.0-1jpp.ep1.*: XMLDsig HMAC-based signatures spoofing and authentication bypass [epel-5]
Product: [Fedora] Fedora EPEL Reporter: Josh Bressers <bressers>
Component: monoAssignee: Xavier Lamien <lxtnow>
Status: NEW --- QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: medium    
Version: el5CC: jtfas90, lxtnow
Target Milestone: ---Keywords: Security, SecurityTracking
Target Release: ---Flags: jtfas90: needinfo? (lxtnow)
Hardware: All   
OS: Linux   
Whiteboard: fst_owner=jtaylor
Fixed In Version: Doc Type: Release Note
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Bug Depends On:    
Bug Blocks: 511915    

Description Josh Bressers 2011-04-06 12:28:27 EDT
epel-5 tracking bug for mono: see blocks bug list for full details of the security issue(s).

This bug is never intended to be made public, please put any public notes
in the 'blocks' bugs.


[bug automatically created by: add-tracking-bugs]
Comment 1 Jason Taylor 2014-12-09 07:46:47 EST
Hi Xavier,

Are there any plans to update the version of mono and associaated mono packages in epel for el5? If not should we look at retiring the package(s)?

Regards,

JT