-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 14 Jun 2023 22:44:03 +0200
Source: xmltooling
Binary: libxmltooling-dev libxmltooling10 libxmltooling10-dbgsym
Architecture: armel
Version: 3.2.0-3+deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: arm Build Daemon (arm-ubc-04) <buildd_armhf-arm-ubc-04@buildd.debian.org>
Changed-By: Ferenc Wágner <wferi@debian.org>
Description:
 libxmltooling-dev - C++ XML parsing library with encryption support (development)
 libxmltooling10 - C++ XML parsing library with encryption support (runtime)
Closes: 1037948
Changes:
 xmltooling (3.2.0-3+deb11u1) bullseye-security; urgency=high
 .
   * [6afa199] New patch: CPPXT-157 - Install blocking URI resolver into
     Santuario.
     Fix a denial of service vulnerability: Parsing of KeyInfo elements can
     cause remote resource access.
     Including certain legal but "malicious in intent" content in the
     KeyInfo element defined by the XML Signature standard will result
     in attempts by the SP's shibd process to dereference untrusted
     URLs.
     While the content of the URL must be supplied within the message
     and does not include any SP internal state or dynamic content,
     there is at minimum a risk of denial of service, and the attack
     could be combined with others to create more serious vulnerabilities
     in the future.
     Thanks to Scott Cantor for the fix. (Closes: #1037948)
Checksums-Sha1:
 1c6baa1217244ec5ba148a098f9463a49e00a0a3 79896 libxmltooling-dev_3.2.0-3+deb11u1_armel.deb
 3aa1431b637016e15aedcf95e539915a48fa2fce 7643128 libxmltooling10-dbgsym_3.2.0-3+deb11u1_armel.deb
 be7522689b758f99ee8ec4712298bf339a0965f5 508104 libxmltooling10_3.2.0-3+deb11u1_armel.deb
 bd571f4f0aef996244433a17201fca64042b24ff 7925 xmltooling_3.2.0-3+deb11u1_armel-buildd.buildinfo
Checksums-Sha256:
 130e64232783876ca95d40eaf7644199f68109918516a83c51d38d2fd5f19f6f 79896 libxmltooling-dev_3.2.0-3+deb11u1_armel.deb
 1290398e8f4c97490ea12cef173d91827c31b354d81824a6c4dae241f668cb2f 7643128 libxmltooling10-dbgsym_3.2.0-3+deb11u1_armel.deb
 35f3455ca5350215d21e3ba6d15f5c59a53ace4a0046114e980d4f8ed169ead3 508104 libxmltooling10_3.2.0-3+deb11u1_armel.deb
 a98b2e67867bd79e4f95ba7e97850af9bb55d43da2db1e60de056c65f6b30b00 7925 xmltooling_3.2.0-3+deb11u1_armel-buildd.buildinfo
Files:
 ae865f6db3e4fdb1462a85531c16a966 79896 libdevel optional libxmltooling-dev_3.2.0-3+deb11u1_armel.deb
 57b0ef03ab4ecbd1a220718aacc9f354 7643128 debug optional libxmltooling10-dbgsym_3.2.0-3+deb11u1_armel.deb
 ef2fe804cb673ec1e0de284e238d5d47 508104 libs optional libxmltooling10_3.2.0-3+deb11u1_armel.deb
 b72366b8b4668eeeeda0bb986707d772 7925 libs optional xmltooling_3.2.0-3+deb11u1_armel-buildd.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEU5Ohx66NeEdc9V4jWTHLDRjMKsQFAmSKM7AACgkQWTHLDRjM
KsRGtg/+PxxVp58rj2pZe86bcPBXTehwsVP0P+AvYH+ZvTnU4/4LZBgMkXfm69tl
ex6IFNPUfYjQxggnfz/qaAZoGrOFPLdRgmeG8DZ1X/Ny9mAiAZxG+SJX3Q4lTzya
Xdq0TwMGNu/ZN1R2Ap9F792lb8pUwlnLivVQE8PsWrbcfdokeQ7aFtuDbv3dTHsg
D5f7/MPQ0bxeQo3rMGF3DfWaXx5ZJaa4hSJY40oG6WS63ipNYKjouFULgAmI3ZIO
o15/VFx7FNwIYGyjZAP//9ko9Q7WCbRqZFakYiQAXL6KMSUCyncGiv72X1VNyG8n
CkdQvdNkvv0sr2eBrDINj/JsupdTDsBoIuHCxl+rMgKS2cd/eo1p+yLc1DkbmEsZ
YEOAg3lPngLCWVnqCqJxkmLiY4Wa32+IRlCNeM+s/EFwV9n8VahU0FWiB3SxaWO/
HZju3zXYKrJKLP/AenRwe9kobTvnnuiF3xOu3k4jUJEwQXOPmUVPTM6mqDw60kRB
wSZky77P2sVIcHWz2pSFiSrGk8GeknHZJtG5vmsyQXcnozvauAOI55zjh7slWk09
7oJPysDgr21xqJgzvFkt+PFbFiyv87FF+J+JSvrsQhVoxXKohSpgXHZkdti+tqSb
L0K9B5YFS3rrRLe1MD2loeAZk3Ae2MbdWhi7dxINoqeK1vq1Ci4=
=gIPV
-----END PGP SIGNATURE-----