Bug 694167

Summary: CVE-2009-0217 xmlsec1, mono, xml-security-c, xml-security-1.3.0-1jpp.ep1.*: XMLDsig HMAC-based signatures spoofing and authentication bypass [epel-5]
Product: [Fedora] Fedora EPEL Reporter: Josh Bressers <bressers>
Component: monoAssignee: Xavier Lamien <lxtnow>
Status: CLOSED EOL QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: medium    
Version: el5CC: lxtnow, pokorra.mailinglists
Target Milestone: ---Keywords: Security, SecurityTracking
Target Release: ---Flags: jtfas90: needinfo? (lxtnow)
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Release Note
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-11-22 06:04:24 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On:    
Bug Blocks: 511915    

Description Josh Bressers 2011-04-06 16:28:27 UTC 
epel-5 tracking bug for mono: see blocks bug list for full details of the security issue(s).

This bug is never intended to be made public, please put any public notes
in the 'blocks' bugs.


[bug automatically created by: add-tracking-bugs]
Comment 1 Jason Taylor 2014-12-09 12:46:47 UTC 
Hi Xavier,

Are there any plans to update the version of mono and associaated mono packages in epel for el5? If not should we look at retiring the package(s)?

Regards,

JT
Comment 2 Timotheus Pokorra 2016-11-22 06:04:24 UTC 
I have now retired Mono 1.2 from Epel5.
I recommend to use Mono 4.2 in Epel7.