Format: 1.8
Date: Wed, 14 Jun 2023 22:44:03 +0200
Source: xmltooling
Binary: libxmltooling-dev libxmltooling10 libxmltooling10-dbgsym
Architecture: armhf
Version: 3.2.0-3+deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: arm Build Daemon (arm-ubc-04)
Changed-By: Ferenc Wágner
Description:
 libxmltooling-dev - C++ XML parsing library with encryption support (development)
 libxmltooling10 - C++ XML parsing library with encryption support (runtime)
Closes: 1037948
Changes:
 xmltooling (3.2.0-3+deb11u1) bullseye-security; urgency=high
 .
   * [6afa199] New patch: CPPXT-157 - Install blocking URI resolver into
     Santuario.
     Fix a denial of service vulnerability:
     Parsing of KeyInfo elements can cause remote resource access.
     Including certain legal but "malicious in intent" content in the
     KeyInfo element defined by the XML Signature standard will result
     in attempts by the SP's shibd process to dereference untrusted
     URLs. While the content of the URL must be supplied within the
     message and does not include any SP internal state or dynamic
     content, there is at minimum a risk of denial of service, and the
     attack could be combined with others to create more serious
     vulnerabilities in the future.
     Thanks to Scott Cantor for the fix. (Closes: #1037948)