-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 14 Jun 2023 22:44:03 +0200
Source: xmltooling
Binary: libxmltooling-dev libxmltooling10 libxmltooling10-dbgsym
Architecture: ppc64el
Version: 3.2.0-3+deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: ppc64el Build Daemon (ppc64el-osuosl-01) <buildd_ppc64el-ppc64el-osuosl-01@buildd.debian.org>
Changed-By: Ferenc Wágner <wferi@debian.org>
Description:
 libxmltooling-dev - C++ XML parsing library with encryption support (development)
 libxmltooling10 - C++ XML parsing library with encryption support (runtime)
Closes: 1037948
Changes:
 xmltooling (3.2.0-3+deb11u1) bullseye-security; urgency=high
 .
   * [6afa199] New patch: CPPXT-157 - Install blocking URI resolver into
     Santuario.
     Fix a denial of service vulnerability: Parsing of KeyInfo elements can
     cause remote resource access.
     Including certain legal but "malicious in intent" content in the
     KeyInfo element defined by the XML Signature standard will result
     in attempts by the SP's shibd process to dereference untrusted
     URLs.
     While the content of the URL must be supplied within the message
     and does not include any SP internal state or dynamic content,
     there is at minimum a risk of denial of service, and the attack
     could be combined with others to create more serious vulnerabilities
     in the future.
     Thanks to Scott Cantor for the fix. (Closes: #1037948)
Checksums-Sha1:
 fbfe008d516637aa0040aa68424f6001082f37fe 79908 libxmltooling-dev_3.2.0-3+deb11u1_ppc64el.deb
 c84ee95097548678eda1c477f5dfcd1203af59b6 7791828 libxmltooling10-dbgsym_3.2.0-3+deb11u1_ppc64el.deb
 908505a3d49e41a0d3bbc71e8964b2372868b9a2 620968 libxmltooling10_3.2.0-3+deb11u1_ppc64el.deb
 e3dbb4b9c2c01e73ced79408deaa8c13dcb49807 8050 xmltooling_3.2.0-3+deb11u1_ppc64el-buildd.buildinfo
Checksums-Sha256:
 db106f46f996ba87ba84014b465ca3d76d64e5427e4b3959498fdd00778544cd 79908 libxmltooling-dev_3.2.0-3+deb11u1_ppc64el.deb
 b3f99012b9352cb1ca1c54221bc44e666641179de82a778e6e3c7ccf63075094 7791828 libxmltooling10-dbgsym_3.2.0-3+deb11u1_ppc64el.deb
 f489b263033b15bea68589f96280509ea0e200baa4fab402f6d214685c9fd420 620968 libxmltooling10_3.2.0-3+deb11u1_ppc64el.deb
 0904dd549428ce168b50d39558e134d82b54c5899f4e94655f727197336f1256 8050 xmltooling_3.2.0-3+deb11u1_ppc64el-buildd.buildinfo
Files:
 43e4710894162d8e080875f4281f056b 79908 libdevel optional libxmltooling-dev_3.2.0-3+deb11u1_ppc64el.deb
 42b6461e34904260753c0b6dec7e6a8d 7791828 debug optional libxmltooling10-dbgsym_3.2.0-3+deb11u1_ppc64el.deb
 5408e34c3e49ed85448fc0b48e4966d6 620968 libs optional libxmltooling10_3.2.0-3+deb11u1_ppc64el.deb
 eb4933d2d818b0e9836400f163897b02 8050 libs optional xmltooling_3.2.0-3+deb11u1_ppc64el-buildd.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE5hbnFkJlczvLwwS0Y7DdE4sWZ/UFAmSKO8UACgkQY7DdE4sW
Z/UnSBAAhTaUAUEJq/Ni/8oG9B7U94wxrub2smPGNgxvmJc/P8yQ1eE91lH4XRwP
loqFA2hjDIr6YbkOml3XawRLnsADzjqvGehFio03rl4v4bVVRMRrlxXGxH1k1JZ1
yNwbZCftIngQqfhyQKPLZrxdBKxqIdQnGvHit00MxmI2LMhqNtk9MTxZPeP9A+za
SwFa/hv0eFlSADWIMSlsXyfgvMZwe2yftRrT+FkR3sYrDP+tgsPKR9l0t5D2XY9H
I2Q0SFXZI0YaxThZw1nrSq7J962qAce6TOaBsVXlCemm9rHYBBwSQpxJTbKhCbCP
hd7gtJdCVihvKXHltjxmRivKtgP15G8DyO3LR5vLGaUFIc/jwtYCyVzrXhFQjRRX
67NK56nwgMcyiNWFscRc+ScsxvAKvSnxP68LRKw0sdw5IGExJZ6tQ/m8Zz5T1U80
dK6MkJHNUbwgD+yD8EpP+l0o8a+n7T8CXgCPeYQhkxXyXfoGt4Bqce1fi3O7hWdE
TZaEQdoZf0EsBqzGZhb/fjTomaJKRj/ek8/lcR+zBxM7rU8GCH6NQBsmexJpUDMO
UJY4oeOuCtWuuX5xiJ5kG18cc8bmgxdkN7ynLuwKuW592K/b5Z+wtxU97uBpLNc9
Hi0BLQjK1czzBlJ5JoBP7Mxw70+5QC8iZwjb7PaAnyqxRyEqP+o=
=qVdT
-----END PGP SIGNATURE-----