-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 14 Jun 2023 22:44:03 +0200
Source: xmltooling
Binary: libxmltooling-dev libxmltooling10 libxmltooling10-dbgsym
Architecture: mips64el
Version: 3.2.0-3+deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: mipsel Build Daemon (mipsel-osuosl-04) <buildd_mips64el-mipsel-osuosl-04@buildd.debian.org>
Changed-By: Ferenc Wágner <wferi@debian.org>
Description:
 libxmltooling-dev - C++ XML parsing library with encryption support (development)
 libxmltooling10 - C++ XML parsing library with encryption support (runtime)
Closes: 1037948
Changes:
 xmltooling (3.2.0-3+deb11u1) bullseye-security; urgency=high
 .
   * [6afa199] New patch: CPPXT-157 - Install blocking URI resolver into
     Santuario.
     Fix a denial of service vulnerability: Parsing of KeyInfo elements can
     cause remote resource access.
     Including certain legal but "malicious in intent" content in the
     KeyInfo element defined by the XML Signature standard will result
     in attempts by the SP's shibd process to dereference untrusted
     URLs.
     While the content of the URL must be supplied within the message
     and does not include any SP internal state or dynamic content,
     there is at minimum a risk of denial of service, and the attack
     could be combined with others to create more serious vulnerabilities
     in the future.
     Thanks to Scott Cantor for the fix. (Closes: #1037948)
Checksums-Sha1:
 46ceaa959b69a454f611779041efc7223cb8dee4 79908 libxmltooling-dev_3.2.0-3+deb11u1_mips64el.deb
 99ebe8f818a51d792dd7336799dc3cbf8264b55c 7805148 libxmltooling10-dbgsym_3.2.0-3+deb11u1_mips64el.deb
 ee4476be8bf26ce5330a3e707309a68f6e468999 524124 libxmltooling10_3.2.0-3+deb11u1_mips64el.deb
 8cebd02c8b92209a25880c0dc554eac341bfb2d2 7915 xmltooling_3.2.0-3+deb11u1_mips64el-buildd.buildinfo
Checksums-Sha256:
 e3ac8d4a9670e0c6cee51ef622768a0177fd4548539bc4ed8b1e52a3b992a770 79908 libxmltooling-dev_3.2.0-3+deb11u1_mips64el.deb
 5ae4bda7bf91bb5b63ca6c70aefcf51e89dcd295492d4bf5859149f0941d0534 7805148 libxmltooling10-dbgsym_3.2.0-3+deb11u1_mips64el.deb
 0cd2dbc3ffc067b41344fd5a9b14a241d32b9828d9ab636e8323e37d52f70698 524124 libxmltooling10_3.2.0-3+deb11u1_mips64el.deb
 56ef6171902cc83bbd30f3b2bc1b9a0ec6e4224519a4c4c3bff73b5566ede565 7915 xmltooling_3.2.0-3+deb11u1_mips64el-buildd.buildinfo
Files:
 b6253346caf73cb614a5de6cc6c1a038 79908 libdevel optional libxmltooling-dev_3.2.0-3+deb11u1_mips64el.deb
 1288d3f6d01c588c2f861ec79c8db04c 7805148 debug optional libxmltooling10-dbgsym_3.2.0-3+deb11u1_mips64el.deb
 f58f095a558817ae28fe19df8ad6954f 524124 libs optional libxmltooling10_3.2.0-3+deb11u1_mips64el.deb
 af20ac07951c9f3fee6f59d6a4dea161 7915 libs optional xmltooling_3.2.0-3+deb11u1_mips64el-buildd.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEbqxhtqqT8knLtgp0Ct/wWqReXfQFAmSKlLwACgkQCt/wWqRe
XfTR6w//WekL2FrBiqluci5czgIeBymzU79OXwJmXqzumwNmUUokY6AY6LYSE8WT
aHj71AVSjqVqg5qt3NIcc4Ky8fBGr5fUCanDcvSkgCG55McEYyZnhhUrsdov1mBR
dKZLcuwKDhf8Z67IpJhHdIEJE3P6aiVNZUIOjnedj8TncpKusm6YuTXGWiNq+q46
urczWKVdnWGSpbhWs2qsAXreGA3HR1fL7tvVVp4J/x2eYeCbduw7yLqD0ly6rysU
cmJOSj7Kbaqws1TXOMTCrrefDdCRfWjnGNPZMkSfnRziQVid6Xgq2eYXLMFkA/pT
oaEfrMWZkIr9CswKtwjhxrQi+5+V6/XblwCFB18WjOhatHmJ/w3cuyLQ/kHUDWk/
dJnYvOieJvZchfum60BFY/CKP/atusBd7ryy3dxEur91cSBXJ+ZblPykxqi7E4DB
qQewkccBL7sjnGOEvGUoUobTGQMsHG5hccE13NgaiadvjQ9OB5anAPoXS69Yige6
0b+ovZQCPebmFdDl1fIfw6Tinp73vVgFy6eHH48QGxedN9WEPR4VndtDysrIpsRP
m/AU/LQx7PtrQMnFiualZ3NzuVZkV7xi7O1qr3d6C2iKOiIoAuNoEdH9Fug1qAEW
cYWrryQMD5rq4mzoOBDhRCi9VhcR5vOUkfev3qDGOiAX9l3wqeM=
=5uwf
-----END PGP SIGNATURE-----