Format: 1.8
Date: Wed, 14 Jun 2023 22:44:03 +0200
Source: xmltooling
Binary: libxmltooling-dev libxmltooling10 libxmltooling10-dbgsym
Architecture: mipsel
Version: 3.2.0-3+deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: mipsel Build Daemon (mipsel-osuosl-04)
Changed-By: Ferenc Wágner
Description:
 libxmltooling-dev - C++ XML parsing library with encryption support (development)
 libxmltooling10 - C++ XML parsing library with encryption support (runtime)
Closes: 1037948
Changes:
 xmltooling (3.2.0-3+deb11u1) bullseye-security; urgency=high
 .
   * [6afa199] New patch: CPPXT-157 - Install blocking URI resolver into
     Santuario.
     Fix a denial of service vulnerability:
     Parsing of KeyInfo elements can cause remote resource access.
     Including certain legal but "malicious in intent" content in the
     KeyInfo element defined by the XML Signature standard will result in
     attempts by the SP's shibd process to dereference untrusted URLs.
     While the content of the URL must be supplied within the message and
     does not include any SP internal state or dynamic content, there is
     at minimum a risk of denial of service, and the attack could be
     combined with others to create more serious vulnerabilities in the
     future.
     Thanks to Scott Cantor for the fix. (Closes: #1037948)