-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 14 Jun 2023 22:44:03 +0200
Source: xmltooling
Binary: libxmltooling-dev libxmltooling10 libxmltooling10-dbgsym
Architecture: amd64
Version: 3.2.0-3+deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: all / amd64 / i386 Build Daemon (x86-conova-01) <buildd_amd64-x86-conova-01@buildd.debian.org>
Changed-By: Ferenc Wágner <wferi@debian.org>
Description:
 libxmltooling-dev - C++ XML parsing library with encryption support (development)
 libxmltooling10 - C++ XML parsing library with encryption support (runtime)
Closes: 1037948
Changes:
 xmltooling (3.2.0-3+deb11u1) bullseye-security; urgency=high
 .
   * [6afa199] New patch: CPPXT-157 - Install blocking URI resolver into
     Santuario.
     Fix a denial of service vulnerability: Parsing of KeyInfo elements can
     cause remote resource access.
     Including certain legal but "malicious in intent" content in the
     KeyInfo element defined by the XML Signature standard will result
     in attempts by the SP's shibd process to dereference untrusted
     URLs.
     While the content of the URL must be supplied within the message
     and does not include any SP internal state or dynamic content,
     there is at minimum a risk of denial of service, and the attack
     could be combined with others to create more serious vulnerabilities
     in the future.
     Thanks to Scott Cantor for the fix. (Closes: #1037948)
Checksums-Sha1:
 a166da63ed0b60bf655a03bf344a5a1c3c642321 79900 libxmltooling-dev_3.2.0-3+deb11u1_amd64.deb
 9fe1ac2d145776d433c89859f320c485f279b41c 7861864 libxmltooling10-dbgsym_3.2.0-3+deb11u1_amd64.deb
 497b26354edff5356168e37029013b3f53166512 630872 libxmltooling10_3.2.0-3+deb11u1_amd64.deb
 7f9a9d983af39b695aa31e6bca8f3101d3abab6e 8026 xmltooling_3.2.0-3+deb11u1_amd64-buildd.buildinfo
Checksums-Sha256:
 791ceba9f16511914fdc7cfe166ccf0bab07b66b5a9bf76cab578978b6bfd5d3 79900 libxmltooling-dev_3.2.0-3+deb11u1_amd64.deb
 3a6509cab245cce702593a068dcb96a7a84ef742ad06f92c60d14f4c12a81621 7861864 libxmltooling10-dbgsym_3.2.0-3+deb11u1_amd64.deb
 d85841f1f668dd1e24f656238f1e6479015cd1e45c1ca212527d89c5a00e2788 630872 libxmltooling10_3.2.0-3+deb11u1_amd64.deb
 056c071f606b73d769485cba6e943ec37ebdd9c3609bf184a5f779bd6c17c313 8026 xmltooling_3.2.0-3+deb11u1_amd64-buildd.buildinfo
Files:
 049c05c02cadf9f1ef0f85f383ad1f06 79900 libdevel optional libxmltooling-dev_3.2.0-3+deb11u1_amd64.deb
 e3538b3a0511602127a2c689d5a4368d 7861864 debug optional libxmltooling10-dbgsym_3.2.0-3+deb11u1_amd64.deb
 ad00e45b45c369c424a88ad5a477bb92 630872 libs optional libxmltooling10_3.2.0-3+deb11u1_amd64.deb
 7f42c8102d0e30667a509d0363f2a59e 8026 libs optional xmltooling_3.2.0-3+deb11u1_amd64-buildd.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEi/TVpVg0yb7dq8QfDZWW6X29YdoFAmSKMWYACgkQDZWW6X29
YdrH4RAAuWRFgVYv7qjGuoPsmshLZUV/84rCXhGPq+s0whZNDzAeYJgZ6gTcywY8
ys9UvVfHXwamRKjeIoieN1URLW1INJikVHba3cdc8S59K1VZPCcp5i4h0im1RYtP
mS8KswLU6pLc4hdjci1YA7nGyhuPPGYLPPd1kSt+e9027qM0KCMsA2BZN6dBvkak
tjSXDg3cv8XdXRiQ1BVUs+hUw6Y3qDb1YorxsWJRKNJZXthVYYE5LOUsGrUCl8Fl
CflZETaS00Mff99DjflN5CkHzMQ5z6jcJ5XWmoRpCV97Wcx4m7YruD7hiCaQiroc
ffMYRmExuIeSVBbXFmr9jdKwjnEpFNbsc4O4M7H372J+/O+t54SbqHFJcEz/NMnG
Q/rLzSlryUyrZS57rMKSQpw121xDyWaQEKCaWUXHYDGjrTfp95XPBZ5ijBdIktkv
g8JdAuCu2mMBFIVzZOa43IHfZ4z/SXpmid8n98ZKLopH5WvlfkSbrzmQBZhw3jSS
N2n8fx0u5GmnPcfTpQ/s65YTt7NOiQqaJFErWEELozEZKT97zVviVwK7QGBIEBtN
q9ldFyHsWD1N9oNYO1M9Pe6/mpB5uxUBa+/RnxEpcaIWMLbyW3yaTZI7GXuzsV2O
YcO/fwkgT/qOn8ynZXIkVHUWjrxROG2+m/jOwgm+VQNc1fRcDoU=
=0bMp
-----END PGP SIGNATURE-----