Bug 694167

Summary: CVE-2009-0217 xmlsec1, mono, xml-security-c, xml-security-1.3.0-1jpp.ep1.*: XMLDsig HMAC-based signatures spoofing and authentication bypass [epel-5]
Product: [Fedora] Fedora EPEL Reporter: Josh Bressers <bressers>
Component: monoAssignee: Xavier Lamien <lxtnow>
Status: CLOSED EOL QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: medium    
Version: el5CC: lxtnow, pokorra.mailinglists
Target Milestone: ---Keywords: Security, SecurityTracking
Target Release: ---Flags: jtfas90: needinfo? (lxtnow)
Hardware: All   
OS: Linux   
Fixed In Version: Doc Type: Release Note
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-11-22 01:04:24 EST Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Bug Depends On:    
Bug Blocks: 511915    

Description Josh Bressers 2011-04-06 12:28:27 EDT
epel-5 tracking bug for mono: see blocks bug list for full details of the security issue(s).

This bug is never intended to be made public, please put any public notes
in the 'blocks' bugs.

[bug automatically created by: add-tracking-bugs]
Comment 1 Jason Taylor 2014-12-09 07:46:47 EST
Hi Xavier,

Are there any plans to update the version of mono and associaated mono packages in epel for el5? If not should we look at retiring the package(s)?


Comment 2 Timotheus Pokorra 2016-11-22 01:04:24 EST
I have now retired Mono 1.2 from Epel5.
I recommend to use Mono 4.2 in Epel7.