Format: 1.8
Date: Wed, 14 Jun 2023 22:44:03 +0200
Source: xmltooling
Binary: libxmltooling-doc xmltooling-schemas
Architecture: all
Version: 3.2.0-3+deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: all / amd64 / i386 Build Daemon (x86-conova-01)
Changed-By: Ferenc Wágner
Description:
 libxmltooling-doc - C++ XML parsing library with encryption support (API docs)
 xmltooling-schemas - XML schemas for XMLTooling
Closes: 1037948
Changes:
 xmltooling (3.2.0-3+deb11u1) bullseye-security; urgency=high
 .
   * [6afa199] New patch: CPPXT-157 - Install blocking URI resolver into
     Santuario.
     Fix a denial of service vulnerability:
     Parsing of KeyInfo elements can cause remote resource access.
     Including certain legal but "malicious in intent" content in the
     KeyInfo element defined by the XML Signature standard will result in
     attempts by the SP's shibd process to dereference untrusted URLs.
     While the content of the URL must be supplied within the message and
     does not include any SP internal state or dynamic content, there is at
     minimum a risk of denial of service, and the attack could be combined
     with others to create more serious vulnerabilities in the future.
     Thanks to Scott Cantor for the fix.
     (Closes: #1037948)
Files:
 5652632 doc optional libxmltooling-doc_3.2.0-3+deb11u1_all.deb
 21396 text optional xmltooling-schemas_3.2.0-3+deb11u1_all.deb
 9335 libs optional xmltooling_3.2.0-3+deb11u1_all-buildd.buildinfo