-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 14 Jun 2023 22:44:03 +0200
Source: xmltooling
Binary: libxmltooling-dev libxmltooling10 libxmltooling10-dbgsym
Architecture: armhf
Version: 3.2.0-3+deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: arm Build Daemon (arm-ubc-04) <buildd_armhf-arm-ubc-04@buildd.debian.org>
Changed-By: Ferenc Wágner <wferi@debian.org>
Description:
 libxmltooling-dev - C++ XML parsing library with encryption support (development)
 libxmltooling10 - C++ XML parsing library with encryption support (runtime)
Closes: 1037948
Changes:
 xmltooling (3.2.0-3+deb11u1) bullseye-security; urgency=high
 .
   * [6afa199] New patch: CPPXT-157 - Install blocking URI resolver into
     Santuario.
     Fix a denial of service vulnerability: Parsing of KeyInfo elements can
     cause remote resource access.
     Including certain legal but "malicious in intent" content in the
     KeyInfo element defined by the XML Signature standard will result
     in attempts by the SP's shibd process to dereference untrusted
     URLs.
     While the content of the URL must be supplied within the message
     and does not include any SP internal state or dynamic content,
     there is at minimum a risk of denial of service, and the attack
     could be combined with others to create more serious vulnerabilities
     in the future.
     Thanks to Scott Cantor for the fix. (Closes: #1037948)
Checksums-Sha1:
 b7445515bc8a013f9c4912ea7c4b179cffeb3662 79904 libxmltooling-dev_3.2.0-3+deb11u1_armhf.deb
 b968eac4fa714aae10d3c1746435520ffc16c6ea 7671904 libxmltooling10-dbgsym_3.2.0-3+deb11u1_armhf.deb
 033c91bcc570f2ab30a95bc680524a22e8259d85 528960 libxmltooling10_3.2.0-3+deb11u1_armhf.deb
 da1532123b4008e7cef8f6761e53dc8cfb658347 7927 xmltooling_3.2.0-3+deb11u1_armhf-buildd.buildinfo
Checksums-Sha256:
 7c370f1e3c45fb9164bd6dd881bf3c1bc4841ed20d7a311e5817a767870ac643 79904 libxmltooling-dev_3.2.0-3+deb11u1_armhf.deb
 f33943f462e887ac53c051f8565fb216be85d54dba18c0faf81a78ca4819cba1 7671904 libxmltooling10-dbgsym_3.2.0-3+deb11u1_armhf.deb
 22f528aec72646b40e7210e9fa83b423b0f42d1e1ab1d2c403df7710f907a182 528960 libxmltooling10_3.2.0-3+deb11u1_armhf.deb
 a2e8ca63b8277ea5ce70708924ee5290a534ec14b8beada2346e7c00e2324f07 7927 xmltooling_3.2.0-3+deb11u1_armhf-buildd.buildinfo
Files:
 90cc70c0a81080e33c73b63b89dc21bb 79904 libdevel optional libxmltooling-dev_3.2.0-3+deb11u1_armhf.deb
 daa55eb2f1826d12eb5a42ca89d8eafa 7671904 debug optional libxmltooling10-dbgsym_3.2.0-3+deb11u1_armhf.deb
 e3ac65399e9a9f369e9306b928479b2e 528960 libs optional libxmltooling10_3.2.0-3+deb11u1_armhf.deb
 d26a30867a41c0ad3df562c48a733439 7927 libs optional xmltooling_3.2.0-3+deb11u1_armhf-buildd.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEU5Ohx66NeEdc9V4jWTHLDRjMKsQFAmSKMeUACgkQWTHLDRjM
KsT9YhAAnYI9a16nZwxWRStVlqL+SbdfQnCnIK82yg2giNiz5HXoKHwoBAFzwtlD
mUtWttVR7aXOcO0gqknjG7cUBAw4AvYkm+fuB9KcijdX9LojSsPn9hkHq6ZFdqhr
XvhCKI91qMv3DWKSUMuXrWA6pFun9jRqrKUQyy8mgzqlBFHRew9nsGGYTvbg75dO
23LKwRj42YFb6xgGrmV46TypX6ygfvrvwZaNOHCvkDpAsCn+12IWWuQ2kORTqIFW
l+lm5iMOmxP6n2QN0FB4tKoTfJLqH3kPEyhuAVLJkDFGndz+zr6VxKFVFyO6YJEA
5BcGdgq2a+C1GSsu1vac/2/2vspnKTgDS9DMvsMoi8n1kjrI2XycNdDMmXGOGJoM
4dRYMR5SNsjg51i3wfYSCfbz5OEWrJEF4l8ESBk07cBl4ZHGvg3WpuCa++A777oG
Ej0vLViLqb/LC1jYuOssFS+g2fzaModoUgtMhn0EigtKNeExeWmhWLj6njJo5d0O
+ulMvCtGQI9vfEfW1ObtHT9yNk7Rd+tVF1SpX7CfmBdxiliQ8U4Trcoj2+LVm/GS
VYn3hammyhIJJHXcz9CVEEEfysi5yRuL7b04uOgi+BqpoKs8yPbaN/y7K6zLSXVW
FJ2yUXNmIx5xnX32qpk+1PAWnBNAcLmBnuPjyHtKgJPzAA89tfI=
=mBiR
-----END PGP SIGNATURE-----