Publishing details

• Removed from disk on 2019-03-27.
• Removal requested on 2019-03-27.
• Superseded on 2019-03-26 by xmltooling - 1.5.3-2+deb8u3ubuntu0.1
• Published on 2018-03-21
• Copied from ubuntu trusty in Private PPA for Ubuntu Security Team by Ubuntu Archive Robot

Changelog

xmltooling (1.5.3-2+deb8u3build0.14.04.1) trusty-security; urgency=medium

  * fake sync from Debian (LP: #1752306)

xmltooling (1.5.3-2+deb8u3) jessie-security; urgency=high

  * [2890d0c] New patches fixing CVE-2018-0489: additional data forgery flaws.
    These flaws allow for changes to an XML document that do not break a
    digital signature but alter the user data passed through to applications
    enabling impersonation attacks and exposure of protected information.
    https://shibboleth.net/community/advisories/secadv_20180227.txt
    https://issues.shibboleth.net/jira/browse/CPPXT-128
    The Add-disallowDoctype-to-parser-configuration.patch is not effective
    under Xerces 3.1 in jessie, but provides more generic protection under
    Xerces 3.2 against issues like CVE-2018-0486.  It's included here for
    completeness and to avoid a conflict applying the CVE-2018-0489 patch.

 -- Steve Beattie <email address hidden>  Tue, 20 Mar 2018 15:21:30 -0700

Builds

• amd64
• arm64
• armhf
• i386
• powerpc
• ppc64el

Package files

• libxmltooling-dev_1.5.3-2+deb8u3build0.14.04.1_amd64.deb (65.4 KiB)
• libxmltooling-dev_1.5.3-2+deb8u3build0.14.04.1_arm64.deb (65.3 KiB)
• libxmltooling-dev_1.5.3-2+deb8u3build0.14.04.1_armhf.deb (65.3 KiB)
• libxmltooling-dev_1.5.3-2+deb8u3build0.14.04.1_i386.deb (65.4 KiB)
• libxmltooling-dev_1.5.3-2+deb8u3build0.14.04.1_powerpc.deb (65.1 KiB)
• libxmltooling-dev_1.5.3-2+deb8u3build0.14.04.1_ppc64el.deb (65.2 KiB)
• libxmltooling-doc_1.5.3-2+deb8u3build0.14.04.1_all.deb (384.5 KiB)
• libxmltooling6-dbgsym_1.5.3-2+deb8u3build0.14.04.1_amd64.ddeb (5.9 MiB)
• libxmltooling6-dbgsym_1.5.3-2+deb8u3build0.14.04.1_arm64.ddeb (5.9 MiB)
• libxmltooling6-dbgsym_1.5.3-2+deb8u3build0.14.04.1_armhf.ddeb (5.7 MiB)
• libxmltooling6-dbgsym_1.5.3-2+deb8u3build0.14.04.1_i386.ddeb (5.7 MiB)
• libxmltooling6-dbgsym_1.5.3-2+deb8u3build0.14.04.1_powerpc.ddeb (5.7 MiB)
• libxmltooling6-dbgsym_1.5.3-2+deb8u3build0.14.04.1_ppc64el.ddeb (6.0 MiB)
• libxmltooling6_1.5.3-2+deb8u3build0.14.04.1_amd64.deb (565.0 KiB)
• libxmltooling6_1.5.3-2+deb8u3build0.14.04.1_arm64.deb (517.0 KiB)
• libxmltooling6_1.5.3-2+deb8u3build0.14.04.1_armhf.deb (490.3 KiB)
• libxmltooling6_1.5.3-2+deb8u3build0.14.04.1_i386.deb (520.6 KiB)
• libxmltooling6_1.5.3-2+deb8u3build0.14.04.1_powerpc.deb (509.0 KiB)
• libxmltooling6_1.5.3-2+deb8u3build0.14.04.1_ppc64el.deb (554.4 KiB)
• xmltooling-schemas_1.5.3-2+deb8u3build0.14.04.1_all.deb (14.0 KiB)
• xmltooling_1.5.3-2+deb8u3build0.14.04.1.debian.tar.gz (13.2 KiB)
• xmltooling_1.5.3-2+deb8u3build0.14.04.1.dsc (2.4 KiB)
• xmltooling_1.5.3.orig.tar.gz (659.5 KiB)