Debian Security Advisory 1849-1 – It was discovered that the W3C XML Signature recommendation contains a protocol-level vulnerability related to HMAC output truncation. This update implements the proposed workaround in the C++ version of the Apache implementation of this standard, xml-security-c, by preventing truncation to output strings shorter than 80 bits or half of the original HMAC output, whichever is greater.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/80005/dsa-1849-1.txt
Source: https://packetstormsecurity.com/files/80005/Debian-Linux-Security-Advisory-1849-1.html