epel-6 tracking bug for xmlsec1: see blocks bug list for full details of the security issue(s). This bug is never intended to be made public, please put any public notes in the 'blocks' bugs. [bug automatically created by: add-tracking-bugs]
It looks like this is still vulnerable from 2011 and has never been updated. Can anyone confirm that this is still a problem and has not been patched in the EPEL packages?
The latest built in epel-6 is xmlsec1-1.2.16-2.el6, from 2010, and pre-dates this bug report.
xmlsec1-1.2.19-3.el6 has been submitted as an update for Fedora EPEL 6. https://admin.fedoraproject.org/updates/xmlsec1-1.2.19-3.el6
Package xmlsec1-1.2.19-3.el6: * should fix your issue, * was pushed to the Fedora EPEL 6 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=epel-testing xmlsec1-1.2.19-3.el6' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1536/xmlsec1-1.2.19-3.el6 then log in and leave karma (feedback).
xmlsec1-1.2.19-3.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.