Format: 1.8
Date: Wed, 14 Jun 2023 22:44:03 +0200
Source: xmltooling
Binary: libxmltooling-dev libxmltooling10 libxmltooling10-dbgsym
Architecture: s390x
Version: 3.2.0-3+deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: s390x Build Daemon (zandonai)
Changed-By: Ferenc Wágner
Description:
 libxmltooling-dev - C++ XML parsing library with encryption support (development)
 libxmltooling10 - C++ XML parsing library with encryption support (runtime)
Closes: 1037948
Changes:
 xmltooling (3.2.0-3+deb11u1) bullseye-security; urgency=high
 .
   * [6afa199] New patch: CPPXT-157 - Install blocking URI resolver into
     Santuario.
     Fix a denial of service vulnerability:
     Parsing of KeyInfo elements can cause remote resource access.
     Including certain legal but "malicious in intent" content in the
     KeyInfo element defined by the XML Signature standard will result in
     attempts by the SP's shibd process to dereference untrusted URLs.
     While the content of the URL must be supplied within the message and
     does not include any SP internal state or dynamic content, there is at
     minimum a risk of denial of service, and the attack could be combined
     with others to create more serious vulnerabilities in the future.
     Thanks to Scott Cantor for the fix. (Closes: #1037948)