Ubuntu
xmltooling package

xmltooling 1.5.3-2+deb8u2build0.14.04.1 source package in Ubuntu

Changelog

xmltooling (1.5.3-2+deb8u2build0.14.04.1) trusty-security; urgency=medium

  * fake sync from Debian (LP: #1743762)

xmltooling (1.5.3-2+deb8u2) jessie-security; urgency=high

  * [5c2845b] Add gbp.conf for jessie
  * [0ffc343] Convert our single patch into a proper patch queue
  * [91e7acb] New patch: CVE-2018-0486: vulnerability to forged user attribute
    data
    The Service Provider software relies on a generic XML parser to process
    SAML responses and there are limitations in older versions of the parser
    that make it impossible to fully disable Document Type Definition (DTD)
    processing.
    Through addition/manipulation of a DTD, it's possible to make changes
    to an XML document that do not break a digital signature but are
    mishandled by the SP and its libraries. These manipulations can alter
    the user data passed through to applications behind the SP and result
    in impersonation attacks and exposure of protected information.
    While the use of XML Encryption can serve as a mitigation for this bug,
    it may still be possible to construct attacks in such cases, and the SP
    does not provide a means to enforce its use.
    CPPXT-127 - Block entity reference nodes during unmarshalling.
    https://issues.shibboleth.net/jira/browse/CPPXT-127
    Thanks to Scott Cantor
  * [49b7352] Update Uploaders: add Etienne, remove Russ, update myself

 -- Steve Beattie <email address hidden>  Wed, 17 Jan 2018 14:38:30 -0800

Upload details

Uploaded by:
Steve Beattie
Uploaded to:
Trusty
Original maintainer:
Debian Shib Team
Architectures:
any all
Section:
libs
Urgency:
Very Urgent

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
xmltooling_1.5.3.orig.tar.gz 659.5 KiB 90e453deb738574b04f1f1aa08ed7cc9d8746bcbf93eb59f401a6e38f2ec9574
xmltooling_1.5.3-2+deb8u2build0.14.04.1.debian.tar.gz 11.6 KiB 9708e7efee0c8be2c39640b226728da4ab9e046cb81f87f9855f40b42d8f3783
xmltooling_1.5.3-2+deb8u2build0.14.04.1.dsc 2.4 KiB ffacd679d5a1dc2cdb6e05a018929b6063b7992e02de68b243551f046510360e

View changes file

Binary packages built by this source

libxmltooling-dev: C++ XML parsing library with encryption support (development)

 The XMLTooling library contains generic XML parsing and processing
 classes based on the Xerces-C DOM. It adds more powerful facilities
 for declaring element- and type-specific API and implementation
 classes to add value around the DOM, as well as signing and encryption
 support.
 .
 This package contains the headers and other necessary files to build
 applications or libraries that use or extend the XMLTooling library.

libxmltooling-doc: C++ XML parsing library with encryption support (API docs)

 The XMLTooling library contains generic XML parsing and processing
 classes based on the Xerces-C DOM. It adds more powerful facilities
 for declaring element- and type-specific API and implementation
 classes to add value around the DOM, as well as signing and encryption
 support.
 .
 This package contains the XMLTooling library API documentation generated
 by Doxygen.

libxmltooling6: C++ XML parsing library with encryption support (runtime)

 The XMLTooling library contains generic XML parsing and processing
 classes based on the Xerces-C DOM. It adds more powerful facilities for
 declaring element- and type-specific API and implementation classes, as
 well as signing and encryption support.
 .
 This package contains the files necessary for running applications that
 use the XMLTooling library.

libxmltooling6-dbgsym: debug symbols for package libxmltooling6

 The XMLTooling library contains generic XML parsing and processing
 classes based on the Xerces-C DOM. It adds more powerful facilities for
 declaring element- and type-specific API and implementation classes, as
 well as signing and encryption support.
 .
 This package contains the files necessary for running applications that
 use the XMLTooling library.

xmltooling-schemas: XML schemas for XMLTooling

 The XMLTooling library contains generic XML parsing and processing
 classes based on the Xerces-C DOM. It adds more powerful facilities for
 declaring element- and type-specific API and implementation classes, as
 well as signing and encryption support.
 .
 This package contains the XML schema files used by the XMLTooling
 library.