xmltooling 1.5.3-2+deb8u3ubuntu0.1 source package in Ubuntu
Changelog
xmltooling (1.5.3-2+deb8u3ubuntu0.1) trusty-security; urgency=high
* SECURITY UPDATE: uncaught exception on malformed XML declaration
Invalid data in the XML declaration causes an exception of a type that
was not handled properly in the parser class and propagates an
unexpected exception type.
This generally manifests as a crash in the calling code, which in the
Service Provider software's case is usually the shibd daemon process,
but can be Apache in some cases. Note that the crash occurs prior to
evaluation of a message's authenticity, so can be exploited by an
untrusted attacker.
- debian/patches/CVE-2019-9628.patch
- CVE-2019-9628
- https://shibboleth.net/community/advisories/secadv_20190311.txt
- LP: #1819912
-- Etienne Dysli Metref <email address hidden> Thu, 14 Mar 2019 11:56:34 +0100
Upload details
- Uploaded by:
- Etienne Dysli Metref
- Sponsored by:
- Eduardo Barretto
- Uploaded to:
- Trusty
- Original maintainer:
- Ubuntu Developers
- Architectures:
- any all
- Section:
- libs
- Urgency:
- Very Urgent
See full publishing history Publishing
| Series | Published | Component | Section | |
|---|---|---|---|---|
| Trusty | updates | universe | libs | |
| Trusty | security | universe | libs |
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| xmltooling_1.5.3.orig.tar.gz | 659.5 KiB | 90e453deb738574b04f1f1aa08ed7cc9d8746bcbf93eb59f401a6e38f2ec9574 |
| xmltooling_1.5.3-2+deb8u3ubuntu0.1.debian.tar.gz | 14.1 KiB | b2835d47f39dc43d157b369b7c6e4a2cd42b47c6facc2c710c51885406dacc7b |
| xmltooling_1.5.3-2+deb8u3ubuntu0.1.dsc | 2.5 KiB | 7703ca7ff8690263239e09eb0672f35a5daa15a3c0908eff07cf8124f83da42a |
Available diffs
Binary packages built by this source
- libxmltooling-dev: C++ XML parsing library with encryption support (development)
The XMLTooling library contains generic XML parsing and processing
classes based on the Xerces-C DOM. It adds more powerful facilities
for declaring element- and type-specific API and implementation
classes to add value around the DOM, as well as signing and encryption
support.
.
This package contains the headers and other necessary files to build
applications or libraries that use or extend the XMLTooling library.
- libxmltooling-doc: C++ XML parsing library with encryption support (API docs)
The XMLTooling library contains generic XML parsing and processing
classes based on the Xerces-C DOM. It adds more powerful facilities
for declaring element- and type-specific API and implementation
classes to add value around the DOM, as well as signing and encryption
support.
.
This package contains the XMLTooling library API documentation generated
by Doxygen.
- libxmltooling6: C++ XML parsing library with encryption support (runtime)
The XMLTooling library contains generic XML parsing and processing
classes based on the Xerces-C DOM. It adds more powerful facilities for
declaring element- and type-specific API and implementation classes, as
well as signing and encryption support.
.
This package contains the files necessary for running applications that
use the XMLTooling library.
- libxmltooling6-dbgsym: debug symbols for package libxmltooling6
The XMLTooling library contains generic XML parsing and processing
classes based on the Xerces-C DOM. It adds more powerful facilities for
declaring element- and type-specific API and implementation classes, as
well as signing and encryption support.
.
This package contains the files necessary for running applications that
use the XMLTooling library.
- xmltooling-schemas: XML schemas for XMLTooling
The XMLTooling library contains generic XML parsing and processing
classes based on the Xerces-C DOM. It adds more powerful facilities for
declaring element- and type-specific API and implementation classes, as
well as signing and encryption support.
.
This package contains the XML schema files used by the XMLTooling
library.
