Errata overview
Errata ID 201
Date 2018-08-15
Source package xml-security-c
Fixed in version 1.7.3-4+deb9u1
This update addresses the following issue:
* Default KeyInfo resolver doesn't check for empty element content. The
  Apache Santuario XML Security for C++ library contained a number of code
  paths at risk of dereferencing null pointers when processing various kinds
  of malformed KeyInfo hints typically found in signed or encrypted XML. The
  usual effect is a crash, and in the case of the Shibboleth SP software, a
  crash in the shibd daemon.
Additional notes
UCS Bug number #47476