Format: 1.8 Date: Thu, 14 Mar 2019 14:58:36 +0100 Source: xmltooling Binary: libxmltooling-dev libxmltooling-doc libxmltooling8 xmltooling-schemas Architecture: amd64 all Version: 3.0.4-1 Distribution: disco-proposed Urgency: high Maintainer: Launchpad Build Daemon Changed-By: Ferenc Wágner Description: libxmltooling-dev - C++ XML parsing library with encryption support (development) libxmltooling-doc - C++ XML parsing library with encryption support (API docs) libxmltooling8 - C++ XML parsing library with encryption support (runtime) xmltooling-schemas - XML schemas for XMLTooling Closes: 924346 Changes: xmltooling (3.0.4-1) unstable; urgency=high . * [f185b26] New upstream security release: 3.0.4 DSA-4407-1, CVE-2019-9628: uncaught exception on malformed XML declaration. Invalid data in the XML declaration causes an exception of a type that was not handled properly in the parser class and propagates an unexpected exception type. This generally manifests as a crash in the calling code, which in the Service Provider software's case is usually the shibd daemon process, but can be Apache in some cases. Note that the crash occurs prior to evaluation of a message's authenticity, so can be exploited by an untrusted attacker. https://shibboleth.net/community/advisories/secadv_20190311.txt https://issues.shibboleth.net/jira/browse/CPPXT-143 Thanks to Scott Cantor (Closes: #924346) Checksums-Sha1: 7fc64872dd367ec7abe9a66f0140d78b7c53e525 69512 libxmltooling-dev_3.0.4-1_amd64.deb 2d3feb6c17ed2e2e868cc984ce80463fb98dd7b5 5603032 libxmltooling-doc_3.0.4-1_all.deb 27bc8c4fe0e7c097e8b35b0ea7c8fb5a42d51c96 12449836 libxmltooling8-dbgsym_3.0.4-1_amd64.ddeb 8d73123acebb371f288f610a77734b0f54c6da2c 611672 libxmltooling8_3.0.4-1_amd64.deb 5aa83998302199eae3f13cf2f5840838a18da72b 14708 xmltooling-schemas_3.0.4-1_all.deb 891865fff177e51d9e2a2a3e7d55384f76c52113 9574 xmltooling_3.0.4-1_amd64.buildinfo Checksums-Sha256: 592c87aa9c5d49f3974a87010aea5d8cb88203f1234815e195594f9050e80e42 69512 libxmltooling-dev_3.0.4-1_amd64.deb 3eb10422d61976a4d94b101f2f3acb6ac7e2474e1003c0150b7c52af50c668c6 5603032 libxmltooling-doc_3.0.4-1_all.deb 76eb4679f1d0ca09255c3347fc0575e6841edca117cd1b9066c4cff4fb872a1a 12449836 libxmltooling8-dbgsym_3.0.4-1_amd64.ddeb 713e391cd04bc6447cf425eab722c26d0cdd24cc4ce7c374732f817f8c81d705 611672 libxmltooling8_3.0.4-1_amd64.deb c28fd0556f98e258f167125667ebbc1b9734b728092816040cca627cabe01aef 14708 xmltooling-schemas_3.0.4-1_all.deb 120729a815d78da55e4290e87403ee0296624f640db5fb0a7471ebea52183303 9574 xmltooling_3.0.4-1_amd64.buildinfo Files: 40005dae0d18a0250ecda88ab0bbb519 69512 libdevel optional libxmltooling-dev_3.0.4-1_amd64.deb 4e3e4209572aec237a5004c2da59f379 5603032 doc optional libxmltooling-doc_3.0.4-1_all.deb ee4a2186c36443b304bd2df370d3fbd8 12449836 debug optional libxmltooling8-dbgsym_3.0.4-1_amd64.ddeb 416bdb3f5ad98b03adb74ecf94d86ceb 611672 libs optional libxmltooling8_3.0.4-1_amd64.deb 34881d9a6b9254bdea7eeefd97ebdffe 14708 text optional xmltooling-schemas_3.0.4-1_all.deb 39910237a76b6fe83c9585353cd04046 9574 libs optional xmltooling_3.0.4-1_amd64.buildinfo