-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 14 Jun 2023 22:44:03 +0200
Source: xmltooling
Binary: libxmltooling-doc xmltooling-schemas
Architecture: all
Version: 3.2.0-3+deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: all / amd64 / i386 Build Daemon (x86-conova-01) <buildd_amd64-x86-conova-01@buildd.debian.org>
Changed-By: Ferenc Wágner <wferi@debian.org>
Description:
 libxmltooling-doc - C++ XML parsing library with encryption support (API docs)
 xmltooling-schemas - XML schemas for XMLTooling
Closes: 1037948
Changes:
 xmltooling (3.2.0-3+deb11u1) bullseye-security; urgency=high
 .
   * [6afa199] New patch: CPPXT-157 - Install blocking URI resolver into
     Santuario.
     Fix a denial of service vulnerability: Parsing of KeyInfo elements can
     cause remote resource access.
     Including certain legal but "malicious in intent" content in the
     KeyInfo element defined by the XML Signature standard will result
     in attempts by the SP's shibd process to dereference untrusted
     URLs.
     While the content of the URL must be supplied within the message
     and does not include any SP internal state or dynamic content,
     there is at minimum a risk of denial of service, and the attack
     could be combined with others to create more serious vulnerabilities
     in the future.
     Thanks to Scott Cantor for the fix. (Closes: #1037948)
Checksums-Sha1:
 0c6fd78f898365510279d2f97bc590d89a116037 5652632 libxmltooling-doc_3.2.0-3+deb11u1_all.deb
 e59c3ba8fef5368750616c3ed136b0150d39be40 21396 xmltooling-schemas_3.2.0-3+deb11u1_all.deb
 f68a9e2c5c623e9c2cd850f5357ae1e9b139abe3 9335 xmltooling_3.2.0-3+deb11u1_all-buildd.buildinfo
Checksums-Sha256:
 fb03155dda1dda6f8484525fe00c13639b1cd13a1d38701e837600b0b22ec198 5652632 libxmltooling-doc_3.2.0-3+deb11u1_all.deb
 56502e2985cbcc54af5bfdd9cc90f6fe42816651b32cd5cfa5006f3e27640e80 21396 xmltooling-schemas_3.2.0-3+deb11u1_all.deb
 5a3e3487ecda38101ad7319b453c237bf4070035208b1c8ff9b4a86b608d4dbb 9335 xmltooling_3.2.0-3+deb11u1_all-buildd.buildinfo
Files:
 3453b60a3a4906623156c3f1db6204ea 5652632 doc optional libxmltooling-doc_3.2.0-3+deb11u1_all.deb
 21c325af2d7e780d700a0cb9fd5e75e1 21396 text optional xmltooling-schemas_3.2.0-3+deb11u1_all.deb
 aabe2e416556e7e2ec4e36ae8d85e92a 9335 libs optional xmltooling_3.2.0-3+deb11u1_all-buildd.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEi/TVpVg0yb7dq8QfDZWW6X29YdoFAmSKMM8ACgkQDZWW6X29
Ydqn9Q//S4k6g1ueU9/hVJ7kguV/oRjEeDbx5SumfGkhws+Qh/00uIcrF5+ZwgAo
sT+UDtbun4BY6IEYGYMvWEeovpfKI5eR6gO8vqop49c0wrQwcoPHvyqWqr4bgxiI
PwJt7tSpnPen0Nu2gp2Eqz7/0plNQKRxn5Taga+ctRYLOi4dFg1DP429kP+g1Ng8
dd60XAz9GhCzOOFgFgWpC5d/RCbBooWV9/RZjHvAUDxAs6imvunYWp76xcPbURy+
6PacwCKH6vjx7w/QIGN67cgb9TCt/11KWX82Yolln8IWKYho0PY+1TCmUmgZuxzt
ygOmtxpp1q5sB+9WmVYGA92yL4R6Z+d1zQOFaasodEm1cRxxatTZIwCBM276N4R5
nF4ZNs72Kp02LgeQiMtK4PkoUK6dYtxsTEvcdP9UF5nR50LqdnO/Njv+olYAvG71
PvBpj+Ur/JKIgcRjuq/zXY6KCV++iHGZcBpcxMnKoMiVXpM3PYLTbZm6Na68b7s2
s4g0yHaa0hxAsXdvIN83CQblqB0QHgoNMSylCtA7nSTnYu0H/PshrwBc0PPXdEBs
wxCPPlzPsMOyIe+eqR+O+UOQqkwI7rfifRlmo9l+H8YUxa9klxuQ4NKyjmpQfbC7
KjQZlOalbGfH/p02E+FcgMtgXJUWJwpu5KyFq0mC08pzBqONQ1g=
=SQj2
-----END PGP SIGNATURE-----