-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 14 Jun 2023 22:44:03 +0200
Source: xmltooling
Binary: libxmltooling-dev libxmltooling10 libxmltooling10-dbgsym
Architecture: arm64
Version: 3.2.0-3+deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: arm Build Daemon (arm-conova-04) <buildd_arm64-arm-conova-04@buildd.debian.org>
Changed-By: Ferenc Wágner <wferi@debian.org>
Description:
 libxmltooling-dev - C++ XML parsing library with encryption support (development)
 libxmltooling10 - C++ XML parsing library with encryption support (runtime)
Closes: 1037948
Changes:
 xmltooling (3.2.0-3+deb11u1) bullseye-security; urgency=high
 .
   * [6afa199] New patch: CPPXT-157 - Install blocking URI resolver into
     Santuario.
     Fix a denial of service vulnerability: Parsing of KeyInfo elements can
     cause remote resource access.
     Including certain legal but "malicious in intent" content in the
     KeyInfo element defined by the XML Signature standard will result
     in attempts by the SP's shibd process to dereference untrusted
     URLs.
     While the content of the URL must be supplied within the message
     and does not include any SP internal state or dynamic content,
     there is at minimum a risk of denial of service, and the attack
     could be combined with others to create more serious vulnerabilities
     in the future.
     Thanks to Scott Cantor for the fix. (Closes: #1037948)
Checksums-Sha1:
 46d1f51314cf250cd531113b573534ce0ea25585 79900 libxmltooling-dev_3.2.0-3+deb11u1_arm64.deb
 7580b22d34bda3ffe1680c2f127a7699074d1846 7678480 libxmltooling10-dbgsym_3.2.0-3+deb11u1_arm64.deb
 cfb4ea77a4a061b77e79997f55aa2b6aef9fc1ff 569032 libxmltooling10_3.2.0-3+deb11u1_arm64.deb
 3e28b9f7eb3356fda673bc55f05a44ebfe591f88 7996 xmltooling_3.2.0-3+deb11u1_arm64-buildd.buildinfo
Checksums-Sha256:
 2f66283e3eead4ae43b072d1ddb5e1a3a60f71485923872ca6cd84d6478bfac2 79900 libxmltooling-dev_3.2.0-3+deb11u1_arm64.deb
 b0e0cc05d1bb6f309aba86331cd89669b1f0446e972961775d2821ba719650be 7678480 libxmltooling10-dbgsym_3.2.0-3+deb11u1_arm64.deb
 aba0718b8d24335d69b7daf27a1a537a78d828faaa7cbc5ce281706bf0f8fc6e 569032 libxmltooling10_3.2.0-3+deb11u1_arm64.deb
 d4b09d759c8bc82cbf466b399f12a0335c471ea129f611e3712e0de8414d3acf 7996 xmltooling_3.2.0-3+deb11u1_arm64-buildd.buildinfo
Files:
 c21f9f7394046319ddd430bb7647289e 79900 libdevel optional libxmltooling-dev_3.2.0-3+deb11u1_arm64.deb
 886dbed8be4f27c5d3c3794b012470a3 7678480 debug optional libxmltooling10-dbgsym_3.2.0-3+deb11u1_arm64.deb
 ff2d2f300836a206cabb5603cc04541e 569032 libs optional libxmltooling10_3.2.0-3+deb11u1_arm64.deb
 e37189afb87006667479b613ed95455e 7996 libs optional xmltooling_3.2.0-3+deb11u1_arm64-buildd.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEVNIS6FpWdgLvabP3yAdpDL98SQ4FAmSKNGsACgkQyAdpDL98
SQ4F1g//WUTH+0YY3SH32HMLDlWbD/pipOqdqtHFNPi3U3Cyoub3mT6fzQ3urUXQ
4FopcSg/FbiOExd9CQ2A5MzIexOAFwn5aAluKBn7NgYUtORsFm7E1874GNC2RfkP
BcdxuQ/DmnphCBuG+361l9Ycs9O2tmojU6r0zS0s2Bke9/eTnKNAjdU2eJO/bdJi
zXtYOIbZVPYQQYb6fFG6VdkShgIBb6NFQEWIvClvPwpPPZi3j3XddqPkJ9MxXMTG
xis5P1AWKTQXqkMKKodnn6vhNtlVmJrQf5IPfLtq3xHQ+8QM0m3h+qO4QPhI3Rf+
GxfhhYmv2NGC+/bAxwTBC08+HnuyIpxtDQOIRIMznWkzTHCQXc2doqO2cU8bv1dg
eUA7QCmsFuc/+HuRMVa9OyvaVcURm+zo/OPM6HoP80C6XiYSEkBTCMMj6vAcAwNF
RFmgQJsD51i0FrGTLsnuONWiNgqPjqaUbW6LynzHvM+XdYF0iNbmmJyKlnfIXJ7n
yKWAih0AhTzt5KjfeZpnSvkIQSRhQyzgVJQc7NGMiuKmM/gZoBet62E0fwi5NTzP
7A+aqdvlnJCuydcKXmNJjw/nWboBpjpTdvKVeQ1QiwwbVHIX/9ajjVzKhnVOtGxj
q65wRXv9I3qtFsuDXRADV6A0v5BUDfKQlsYgtXrTQPngzfcZ1SA=
=wIRO
-----END PGP SIGNATURE-----