Format: 1.8
Date: Wed, 14 Jun 2023 22:44:03 +0200
Source: xmltooling
Binary: libxmltooling-dev libxmltooling10 libxmltooling10-dbgsym
Architecture: ppc64el
Version: 3.2.0-3+deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: ppc64el Build Daemon (ppc64el-osuosl-01)
Changed-By: Ferenc Wágner
Description:
 libxmltooling-dev - C++ XML parsing library with encryption support (development)
 libxmltooling10 - C++ XML parsing library with encryption support (runtime)
Closes: 1037948
Changes:
 xmltooling (3.2.0-3+deb11u1) bullseye-security; urgency=high
 .
   * [6afa199] New patch: CPPXT-157 - Install blocking URI resolver into
     Santuario.
     Fix a denial of service vulnerability:
     Parsing of KeyInfo elements can cause remote resource access.
     Including certain legal but "malicious in intent" content in the
     KeyInfo element defined by the XML Signature standard will result in
     attempts by the SP's shibd process to dereference untrusted URLs.
     While the content of the URL must be supplied within the message and
     does not include any SP internal state or dynamic content, there is
     at minimum a risk of denial of service, and the attack could be
     combined with others to create more serious vulnerabilities in the
     future.
     Thanks to Scott Cantor for the fix. (Closes: #1037948)