Format: 1.8
Date: Wed, 14 Jun 2023 22:44:03 +0200
Source: xmltooling
Binary: libxmltooling-dev libxmltooling10 libxmltooling10-dbgsym
Architecture: mips64el
Version: 3.2.0-3+deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: mipsel Build Daemon (mipsel-osuosl-04)
Changed-By: Ferenc Wágner
Description:
 libxmltooling-dev - C++ XML parsing library with encryption support (development)
 libxmltooling10 - C++ XML parsing library with encryption support (runtime)
Closes: 1037948
Changes:
 xmltooling (3.2.0-3+deb11u1) bullseye-security; urgency=high
 .
   * [6afa199] New patch: CPPXT-157 - Install blocking URI resolver into
     Santuario.
     Fix a denial of service vulnerability:
     Parsing of KeyInfo elements can cause remote resource access.
     Including certain legal but "malicious in intent" content in the
     KeyInfo element defined by the XML Signature standard will result in
     attempts by the SP's shibd process to dereference untrusted URLs.
     While the content of the URL must be supplied within the message and
     does not include any SP internal state or dynamic content, there is
     at minimum a risk of denial of service, and the attack could be
     combined with others to create more serious vulnerabilities in the
     future.
     Thanks to Scott Cantor for the fix. (Closes: #1037948)