xmltooling 1.5.3-2+deb8u2build0.14.04.1 source package in Ubuntu
Changelog
xmltooling (1.5.3-2+deb8u2build0.14.04.1) trusty-security; urgency=medium * fake sync from Debian (LP: #1743762) xmltooling (1.5.3-2+deb8u2) jessie-security; urgency=high * [5c2845b] Add gbp.conf for jessie * [0ffc343] Convert our single patch into a proper patch queue * [91e7acb] New patch: CVE-2018-0486: vulnerability to forged user attribute data The Service Provider software relies on a generic XML parser to process SAML responses and there are limitations in older versions of the parser that make it impossible to fully disable Document Type Definition (DTD) processing. Through addition/manipulation of a DTD, it's possible to make changes to an XML document that do not break a digital signature but are mishandled by the SP and its libraries. These manipulations can alter the user data passed through to applications behind the SP and result in impersonation attacks and exposure of protected information. While the use of XML Encryption can serve as a mitigation for this bug, it may still be possible to construct attacks in such cases, and the SP does not provide a means to enforce its use. CPPXT-127 - Block entity reference nodes during unmarshalling. https://issues.shibboleth.net/jira/browse/CPPXT-127 Thanks to Scott Cantor * [49b7352] Update Uploaders: add Etienne, remove Russ, update myself -- Steve Beattie <email address hidden> Wed, 17 Jan 2018 14:38:30 -0800
Upload details
- Uploaded by:
- Steve Beattie
- Uploaded to:
- Trusty
- Original maintainer:
- Debian Shib Team
- Architectures:
- any all
- Section:
- libs
- Urgency:
- Very Urgent
See full publishing history Publishing
Series | Published | Component | Section |
---|
Downloads
File | Size | SHA-256 Checksum |
---|---|---|
xmltooling_1.5.3.orig.tar.gz | 659.5 KiB | 90e453deb738574b04f1f1aa08ed7cc9d8746bcbf93eb59f401a6e38f2ec9574 |
xmltooling_1.5.3-2+deb8u2build0.14.04.1.debian.tar.gz | 11.6 KiB | 9708e7efee0c8be2c39640b226728da4ab9e046cb81f87f9855f40b42d8f3783 |
xmltooling_1.5.3-2+deb8u2build0.14.04.1.dsc | 2.4 KiB | ffacd679d5a1dc2cdb6e05a018929b6063b7992e02de68b243551f046510360e |
Available diffs
Binary packages built by this source
- libxmltooling-dev: C++ XML parsing library with encryption support (development)
The XMLTooling library contains generic XML parsing and processing
classes based on the Xerces-C DOM. It adds more powerful facilities
for declaring element- and type-specific API and implementation
classes to add value around the DOM, as well as signing and encryption
support.
.
This package contains the headers and other necessary files to build
applications or libraries that use or extend the XMLTooling library.
- libxmltooling-doc: C++ XML parsing library with encryption support (API docs)
The XMLTooling library contains generic XML parsing and processing
classes based on the Xerces-C DOM. It adds more powerful facilities
for declaring element- and type-specific API and implementation
classes to add value around the DOM, as well as signing and encryption
support.
.
This package contains the XMLTooling library API documentation generated
by Doxygen.
- libxmltooling6: C++ XML parsing library with encryption support (runtime)
The XMLTooling library contains generic XML parsing and processing
classes based on the Xerces-C DOM. It adds more powerful facilities for
declaring element- and type-specific API and implementation classes, as
well as signing and encryption support.
.
This package contains the files necessary for running applications that
use the XMLTooling library.
- libxmltooling6-dbgsym: debug symbols for package libxmltooling6
The XMLTooling library contains generic XML parsing and processing
classes based on the Xerces-C DOM. It adds more powerful facilities for
declaring element- and type-specific API and implementation classes, as
well as signing and encryption support.
.
This package contains the files necessary for running applications that
use the XMLTooling library.
- xmltooling-schemas: XML schemas for XMLTooling
The XMLTooling library contains generic XML parsing and processing
classes based on the Xerces-C DOM. It adds more powerful facilities for
declaring element- and type-specific API and implementation classes, as
well as signing and encryption support.
.
This package contains the XML schema files used by the XMLTooling
library.