-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 14 Jun 2023 22:44:03 +0200
Source: xmltooling
Binary: libxmltooling-dev libxmltooling10 libxmltooling10-dbgsym
Architecture: i386
Version: 3.2.0-3+deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: amd64 / i386 Build Daemon (x86-ubc-02) <buildd_amd64-x86-ubc-02@buildd.debian.org>
Changed-By: Ferenc Wágner <wferi@debian.org>
Description:
 libxmltooling-dev - C++ XML parsing library with encryption support (development)
 libxmltooling10 - C++ XML parsing library with encryption support (runtime)
Closes: 1037948
Changes:
 xmltooling (3.2.0-3+deb11u1) bullseye-security; urgency=high
 .
   * [6afa199] New patch: CPPXT-157 - Install blocking URI resolver into
     Santuario.
     Fix a denial of service vulnerability: Parsing of KeyInfo elements can
     cause remote resource access.
     Including certain legal but "malicious in intent" content in the
     KeyInfo element defined by the XML Signature standard will result
     in attempts by the SP's shibd process to dereference untrusted
     URLs.
     While the content of the URL must be supplied within the message
     and does not include any SP internal state or dynamic content,
     there is at minimum a risk of denial of service, and the attack
     could be combined with others to create more serious vulnerabilities
     in the future.
     Thanks to Scott Cantor for the fix. (Closes: #1037948)
Checksums-Sha1:
 94f27286c00a8cc4a4faf6abf7b7ea1e059d588b 79896 libxmltooling-dev_3.2.0-3+deb11u1_i386.deb
 46669df7c3a3bbef8985c30e5a6dcea9b06c7c3e 7420564 libxmltooling10-dbgsym_3.2.0-3+deb11u1_i386.deb
 ab4cc6d9626827078ba1d7c0cb2ed2410d5b3c33 649588 libxmltooling10_3.2.0-3+deb11u1_i386.deb
 2d9c9bc13b071034ec4bb9d5748a4227edabf8f6 7962 xmltooling_3.2.0-3+deb11u1_i386-buildd.buildinfo
Checksums-Sha256:
 2fc3d81ed5e7e7dbd73cad285fdce646927687250b23dfb68a1137e4ba0ada88 79896 libxmltooling-dev_3.2.0-3+deb11u1_i386.deb
 51b36f70fafac53acee5e793dd18b0d551d3d17753a090815924e982561ef780 7420564 libxmltooling10-dbgsym_3.2.0-3+deb11u1_i386.deb
 ca039942aa12021f927ca1ae5fb12ba81e37222c0f0ddb60e4eaeae84a1c92a2 649588 libxmltooling10_3.2.0-3+deb11u1_i386.deb
 3dc5512f6d7a506f623e561c2e9109b73cd095946ba6003b5bb5b4e72b162751 7962 xmltooling_3.2.0-3+deb11u1_i386-buildd.buildinfo
Files:
 0edca76ee1627fe66651dc5a6b787a16 79896 libdevel optional libxmltooling-dev_3.2.0-3+deb11u1_i386.deb
 43706dc2555bc80747c5b42dc8fdecc9 7420564 debug optional libxmltooling10-dbgsym_3.2.0-3+deb11u1_i386.deb
 79b45d1ac1fcbb3d664873046fe5bdf7 649588 libs optional libxmltooling10_3.2.0-3+deb11u1_i386.deb
 934ab15debb91e2978701eea87955917 7962 libs optional xmltooling_3.2.0-3+deb11u1_i386-buildd.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEJyRdn7p9tGRfxctAots23/koc0EFAmSKMPMACgkQots23/ko
c0G96g/9E2QacrzvgGJJV8+amAYuNVyYETWQySwGrPXarAUcsxU7JG+IE9t+iZEs
kdViiG6j6f5aGRcKJC/4Tdj8eZ2lQT+JQJPq2m/5v7zqwvWGKJlQSi/rdKNu+ScF
fby8RuLQWwNw64UBkjoez+F7rRcYdnl98z/+Aukxk24cXCm8lW5LLXuHHhGQYAck
xdN5XSelNyIP9vRNH9EkapCpa+qUUHtUjU/CEngh5Tl2eWtCFuY/nfVFQyN7BUA/
myb2HGwehdJkcpbdn6InpFZWnU7KMouVqzTSuR2j25mlVEjvQMqiH0cHmxUpo7pp
gIOuCYNcDeNtgR3S2xMz7ILP018DmBjZNAcmqf6/dqwuU5zTcasGnslHdBnnqxCq
zVxqyYbHQlz4WASXyWeyu945Pi6tlmDQJU9VosHiJkcesvjwr3IHtYDeOWR0S8Nh
3+CC52BWYMzQ2lajxeriSvu33TePoRvnTjYVR6yXtYCoPYS0U9hYJkbnyMwx+Msv
Nl0JmXqKv5O9jW6+BbyLArUPUSDzeTLlMXRz017JwBfPUiPDeIgqDxccXOcGjpAl
0kXzlyiu96C12/Sl+YdqY1GNae1QRQfP8nUzsIHMs8EENNk+l82ESE+1Aj252+sn
L8wNLlkQnMDNfLg3ef6XlZnkto/yUZ5++aEcMG8UkjccrTJwo1Y=
=9oZJ
-----END PGP SIGNATURE-----