Alejandro Claro <alejandro.cl...@smartmatic.com> writes:

> We found a bug in Apache Santuario C, related to ECDSA signature
> generation, a few years ago. We provided the fix to the Apache team, and
> Scott Cantor kindly accepted the fix in the project. However, the fix
> was introduced in series 2.x of the library.

Dear Alejandro,

I can propose your fix for the next stable update, but I don't know when that will be released. On the other hand, if this buffer overflow leads to an exploitable vulnerability, the Security Team could fast-track the fix. Have you got such a scenario?

--
Thanks,
Feri