Format: 1.8
Date: Thu, 14 Mar 2019 14:58:36 +0100
Source: xmltooling
Binary: libxmltooling-dev libxmltooling8
Architecture: i386
Version: 3.0.4-1
Distribution: disco-proposed
Urgency: high
Maintainer: Launchpad Build Daemon <buildd@lgw01-amd64-022.buildd>
Changed-By: Ferenc Wágner <wferi@debian.org>
Description:
 libxmltooling-dev - C++ XML parsing library with encryption support (development)
 libxmltooling8 - C++ XML parsing library with encryption support (runtime)
Closes: 924346
Changes:
 xmltooling (3.0.4-1) unstable; urgency=high
 .
   * [f185b26] New upstream security release: 3.0.4
     DSA-4407-1, CVE-2019-9628: uncaught exception on malformed XML
     declaration.
     Invalid data in the XML declaration causes an exception of a type
     that was not handled properly in the parser class and propagates an
     unexpected exception type.
     This generally manifests as a crash in the calling code, which in the
     Service Provider software's case is usually the shibd daemon process,
     but can be Apache in some cases. Note that the crash occurs prior to
     evaluation of a message's authenticity, so can be exploited by an
     untrusted attacker.
     https://shibboleth.net/community/advisories/secadv_20190311.txt
     https://issues.shibboleth.net/jira/browse/CPPXT-143
     Thanks to Scott Cantor (Closes: #924346)
Checksums-Sha1:
 710e29b4ba4c7153b95395ceb87e820747d8e87e 69504 libxmltooling-dev_3.0.4-1_i386.deb
 5b478ed26c2b59f103feb111cdc7d46f04d37efb 11946448 libxmltooling8-dbgsym_3.0.4-1_i386.ddeb
 ae3ddab40c5c40fafa2423c4579ca9470f914352 605824 libxmltooling8_3.0.4-1_i386.deb
 5dc32576f16a3c8073ba7795662bd10e688edcb3 7347 xmltooling_3.0.4-1_i386.buildinfo
Checksums-Sha256:
 03b30cd3558f27e93264819ab370f1ca4e05099d7637bce7ca2588de08435731 69504 libxmltooling-dev_3.0.4-1_i386.deb
 ffecc10ab08a89acd5b6efa1e0e96aa7822b3d2b3f78d9eeaa9579ba937eea57 11946448 libxmltooling8-dbgsym_3.0.4-1_i386.ddeb
 c2be5b20dfc3ebd8ff557a877a3e6c39b229d7aa4c68dc62b7e43ac71db555dd 605824 libxmltooling8_3.0.4-1_i386.deb
 4fbb39eb12500af2824daf0fb4659e8d3061587bd1751e5095a9d1a4e9b2db50 7347 xmltooling_3.0.4-1_i386.buildinfo
Files:
 3c8c0dd43b0d112f2b5e5d43ead212a8 69504 libdevel optional libxmltooling-dev_3.0.4-1_i386.deb
 fe11ba0c7ebe7f177a54995795d05b2d 11946448 debug optional libxmltooling8-dbgsym_3.0.4-1_i386.ddeb
 087ce51fbd9de9ad9a1b33b87e6b13d7 605824 libs optional libxmltooling8_3.0.4-1_i386.deb
 0d93b375287a61cdbe958da780606afb 7347 libs optional xmltooling_3.0.4-1_i386.buildinfo