-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 14 Jun 2023 22:44:03 +0200
Source: xmltooling
Binary: libxmltooling-dev libxmltooling10 libxmltooling10-dbgsym
Architecture: s390x
Version: 3.2.0-3+deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: s390x Build Daemon (zandonai) <buildd_s390x-zandonai@buildd.debian.org>
Changed-By: Ferenc Wágner <wferi@debian.org>
Description:
 libxmltooling-dev - C++ XML parsing library with encryption support (development)
 libxmltooling10 - C++ XML parsing library with encryption support (runtime)
Closes: 1037948
Changes:
 xmltooling (3.2.0-3+deb11u1) bullseye-security; urgency=high
 .
   * [6afa199] New patch: CPPXT-157 - Install blocking URI resolver into
     Santuario.
     Fix a denial of service vulnerability: Parsing of KeyInfo elements can
     cause remote resource access.
     Including certain legal but "malicious in intent" content in the
     KeyInfo element defined by the XML Signature standard will result
     in attempts by the SP's shibd process to dereference untrusted
     URLs.
     While the content of the URL must be supplied within the message
     and does not include any SP internal state or dynamic content,
     there is at minimum a risk of denial of service, and the attack
     could be combined with others to create more serious vulnerabilities
     in the future.
     Thanks to Scott Cantor for the fix. (Closes: #1037948)
Checksums-Sha1:
 0acf0a29a4589bbdfe651ab789ce707f09ca9e18 79896 libxmltooling-dev_3.2.0-3+deb11u1_s390x.deb
 d024fe550e753ea2d45f4cb130e804490fa7bfb0 7894124 libxmltooling10-dbgsym_3.2.0-3+deb11u1_s390x.deb
 b53ee7c0ef25961108f77ba3b7b7562a07b2b98f 566768 libxmltooling10_3.2.0-3+deb11u1_s390x.deb
 30f77e943775717e37abc25fef636a43fc3cbd96 7946 xmltooling_3.2.0-3+deb11u1_s390x-buildd.buildinfo
Checksums-Sha256:
 0423110bb80f3de1b39de8c954e8a5ff0bd019b19bd6b86623f4d9e7bd114204 79896 libxmltooling-dev_3.2.0-3+deb11u1_s390x.deb
 7ffeb22d20aa7347ec79ec8f7f8d995857fa7995b0daf78982c27543cec7bf51 7894124 libxmltooling10-dbgsym_3.2.0-3+deb11u1_s390x.deb
 3e3d4e24e027f18b6d1eee6dd5b2882209ee7fa0bd98eedcf15d942c14c5f0fb 566768 libxmltooling10_3.2.0-3+deb11u1_s390x.deb
 a2c55b5972743d9d5b8b74a06f880d189af094d976e5872c57f60e5471976a77 7946 xmltooling_3.2.0-3+deb11u1_s390x-buildd.buildinfo
Files:
 4eb77ee982693c7239a3b90b17af4661 79896 libdevel optional libxmltooling-dev_3.2.0-3+deb11u1_s390x.deb
 90c15f0053ea82ab1709d4bf2febbce3 7894124 debug optional libxmltooling10-dbgsym_3.2.0-3+deb11u1_s390x.deb
 15601bc3121aa3bc2f6e2af784f40ac5 566768 libs optional libxmltooling10_3.2.0-3+deb11u1_s390x.deb
 f5b7b62314481a7f496f1564ba1b7c19 7946 libs optional xmltooling_3.2.0-3+deb11u1_s390x-buildd.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEhBjA3afmaHyzk51IFQ1EGN3xM6QFAmSKOXgACgkQFQ1EGN3x
M6T4WxAAoHa7aGMBuvBS4KFqVErZH5GRqPSZXHFuAPlushTXaXVNwEmh/yvr/10o
MMBzPcuF9JGhDAtCfNcU0BlU+OBhqQ47gQlF0S+vBdHqHalrECiM9siPvikKLizd
JUEPeHJ1HZjnwsnVgH/syXRWcY8G5wdLDUBGREnvovbEgxjPCuFnT/FrEGyGHCSF
Fmi+aPpp41Lmm39s3QCIywiQDEbXhNgOicwZJflS0AUZ8cR2VAkaOJh4j4wtyQhk
4gPmYhKKXterooy/rG9o1cy9nwiGgp1dReXGIo1ol5DUafPLY8rwNhGZjcYgX1Fs
K99SyTeARAFvEfDsQ1LTPWcfC167Kd1eJ4daHXJoe1cNGxgJ4GlSACQNcrtUW2jh
yf7NBFf4Gpa1A8JSQq8a9Lg6j51eXRRteechacfJLOrhikso+6Jn0sJpFuSIWg+m
fqaXbd6yVQpoGsaMWubqyDhtBIN1A/Nole+2B9QU7gmWQ2yIcKFjF5ncTjBPf05j
mS8WuHGTfH8W+6CIfg//B2t33W7kT+IpopAhd5tQIisfDgTZNy6O3hQl3ijisP8Q
jxI7zbBj3krVyCPP6dYZF7juRJeNuTKKaiTDuJFEan1X+Z6n028tV+evaAki4+fX
OXnkuQ8VDeDKETVXGicKheBjB93xip9Yus5TnCCpRkIyg4rt6V8=
=VOoH
-----END PGP SIGNATURE-----