-
xmltooling (3.0.5-1build1) focal; urgency=medium
* No-change rebuild for libgcc-s1 package name change.
-- Matthias Klose <email address hidden> Tue, 24 Mar 2020 15:11:56 +0100
-
xmltooling (3.0.5-1) unstable; urgency=medium
* [49cc60b] New upstream release: 3.0.5
* [f713597] As an autopkgtest, build the unit tests against the installed
package
* [023be7c] Enroll to basic Salsa CI
* [8a805da] Upgrade Standards-Version to 4.5.0 (no changes required)
* [ea16c9d] Switch to Debhelper compat level 12
* [373af1f] Enable rootless build
* [b8ce25d] Turn the test logs and result files into autopkgtest artifacts
* [cb949d7] Strip extra signatures from the upstream tarball signing key
* [84b70cd] I don't plan to provide symbols files
-- Ferenc Wágner <email address hidden> Tue, 28 Jan 2020 10:58:01 +0100
-
xmltooling (3.0.4-1) unstable; urgency=high
* [f185b26] New upstream security release: 3.0.4
DSA-4407-1, CVE-2019-9628: uncaught exception on malformed XML
declaration.
Invalid data in the XML declaration causes an exception of a type
that was not handled properly in the parser class and propagates an
unexpected exception type.
This generally manifests as a crash in the calling code, which in the
Service Provider software's case is usually the shibd daemon process,
but can be Apache in some cases. Note that the crash occurs prior to
evaluation of a message's authenticity, so can be exploited by an
untrusted attacker.
https://shibboleth.net/community/advisories/secadv_20190311.txt
https://issues.shibboleth.net/jira/browse/CPPXT-143
Thanks to Scott Cantor (Closes: #924346)
-- Ferenc Wágner <email address hidden> Thu, 14 Mar 2019 14:58:36 +0100