Format: 1.8
Date: Thu, 14 Mar 2019 14:58:36 +0100
Source: xmltooling
Binary: libxmltooling-dev libxmltooling8
Architecture: arm64
Version: 3.0.4-1
Distribution: disco-proposed
Urgency: high
Maintainer: Launchpad Build Daemon <buildd@bos02-arm64-057.buildd>
Changed-By: Ferenc Wágner <wferi@debian.org>
Description:
 libxmltooling-dev - C++ XML parsing library with encryption support (development)
 libxmltooling8 - C++ XML parsing library with encryption support (runtime)
Closes: 924346
Changes:
 xmltooling (3.0.4-1) unstable; urgency=high
 .
   * [f185b26] New upstream security release: 3.0.4
     DSA-4407-1, CVE-2019-9628: uncaught exception on malformed XML
     declaration.
     Invalid data in the XML declaration causes an exception of a type
     that was not handled properly in the parser class and propagates an
     unexpected exception type.
     This generally manifests as a crash in the calling code, which in the
     Service Provider software's case is usually the shibd daemon process,
     but can be Apache in some cases. Note that the crash occurs prior to
     evaluation of a message's authenticity, so can be exploited by an
     untrusted attacker.
     https://shibboleth.net/community/advisories/secadv_20190311.txt
     https://issues.shibboleth.net/jira/browse/CPPXT-143
     Thanks to Scott Cantor (Closes: #924346)
Checksums-Sha1:
 88e87db162d7500ac95ce3c98d77f229fe40267e 69508 libxmltooling-dev_3.0.4-1_arm64.deb
 ae2ca672d4b33b77689de2c641d59f3d0dd26261 12108048 libxmltooling8-dbgsym_3.0.4-1_arm64.ddeb
 38bd79ad46a824c508767ae836121f9c0877aecf 550864 libxmltooling8_3.0.4-1_arm64.deb
 00c82582158478a43fa17418e9de28c450e5caac 7363 xmltooling_3.0.4-1_arm64.buildinfo
Checksums-Sha256:
 30fce3b1468697b21aa32c8823611b1752dc19ec3f7b5600ebb95a4d969fd795 69508 libxmltooling-dev_3.0.4-1_arm64.deb
 426689d1cb8a388e228d4a0bd05b085ca1f5ab917d94b0b22c36609195961205 12108048 libxmltooling8-dbgsym_3.0.4-1_arm64.ddeb
 37637a3503778309b77f7f8fab586664607be9af23d2d12e8cb24fe50ff04324 550864 libxmltooling8_3.0.4-1_arm64.deb
 5182dcc981eecdca72d2d33638f8dade905aebfce0e384d4d9ac6f3919245a95 7363 xmltooling_3.0.4-1_arm64.buildinfo
Files:
 97376b72e84ad102cb0f8f9b6619c051 69508 libdevel optional libxmltooling-dev_3.0.4-1_arm64.deb
 3ab845b85553909483773990fdc8fd6c 12108048 debug optional libxmltooling8-dbgsym_3.0.4-1_arm64.ddeb
 bfa42d43a9c7fdff98f9f3adeb3b49fe 550864 libs optional libxmltooling8_3.0.4-1_arm64.deb
 a0677a0f6030902b62cbc591c8c7f664 7363 libs optional xmltooling_3.0.4-1_arm64.buildinfo