Format: 1.8
Date: Thu, 14 Mar 2019 11:56:34 +0100
Source: xmltooling
Binary: libxmltooling6v5 libxmltooling-dev xmltooling-schemas libxmltooling-doc
Architecture: armhf
Version: 1.5.6-2ubuntu0.3
Distribution: xenial
Urgency: high
Maintainer: Launchpad Build Daemon <buildd@bos02-arm64-009.buildd>
Changed-By: Etienne Dysli Metref <etienne.dysli-metref@switch.ch>
Description:
 libxmltooling-dev - C++ XML parsing library with encryption support (development)
 libxmltooling-doc - C++ XML parsing library with encryption support (API docs)
 libxmltooling6v5 - C++ XML parsing library with encryption support (runtime)
 xmltooling-schemas - XML schemas for XMLTooling
Launchpad-Bugs-Fixed: 1819912
Changes:
 xmltooling (1.5.6-2ubuntu0.3) xenial-security; urgency=high
 .
   * SECURITY UPDATE: uncaught exception on malformed XML declaration
     Invalid data in the XML declaration causes an exception of a type that
     was not handled properly in the parser class and propagates an
     unexpected exception type.
     This generally manifests as a crash in the calling code, which in the
     Service Provider software's case is usually the shibd daemon process,
     but can be Apache in some cases. Note that the crash occurs prior to
     evaluation of a message's authenticity, so can be exploited by an
     untrusted attacker.
     - debian/patches/CVE-2019-9628.patch
     - CVE-2019-9628
     - https://shibboleth.net/community/advisories/secadv_20190311.txt
     - LP: #1819912
Checksums-Sha1:
 046bb1ee31931e966d8adb0a6a03e40d210fc891 67182 libxmltooling-dev_1.5.6-2ubuntu0.3_armhf.deb
 f7e80b46d6721789af82401063fd725d7d135ea1 5176332 libxmltooling6v5-dbgsym_1.5.6-2ubuntu0.3_armhf.ddeb
 be650543367cc9f2af4466a447de3d9084d767c7 478188 libxmltooling6v5_1.5.6-2ubuntu0.3_armhf.deb
Checksums-Sha256:
 09ac4f54d8816f82a4df39f791ec13934278495073ceef859770dd7ba1e97ffe 67182 libxmltooling-dev_1.5.6-2ubuntu0.3_armhf.deb
 b386eb11378f28ef70c7ee34a0c78d426e03c8ea2e24dd4b4c462ab4e9e38217 5176332 libxmltooling6v5-dbgsym_1.5.6-2ubuntu0.3_armhf.ddeb
 e0084985a91cbe851bcd1f1aad86bbf30b5781adb88e346068dd14c3d665755f 478188 libxmltooling6v5_1.5.6-2ubuntu0.3_armhf.deb
Files:
 a9fff3a19f4f17e3994f86c0b8e93470 67182 libdevel extra libxmltooling-dev_1.5.6-2ubuntu0.3_armhf.deb
 400b657ec4c356b8eca91b5ad499772b 5176332 libs extra libxmltooling6v5-dbgsym_1.5.6-2ubuntu0.3_armhf.ddeb
 1fd252b0275270a3ebc69fdd7e3e97c1 478188 libs extra libxmltooling6v5_1.5.6-2ubuntu0.3_armhf.deb
Original-Maintainer: Debian Shib Team <pkg-shibboleth-devel@lists.alioth.debian.org>