Ubuntu
xmltooling package

xmltooling 1.5.3-2+deb8u3build0.14.04.1 source package in Ubuntu

Changelog

xmltooling (1.5.3-2+deb8u3build0.14.04.1) trusty-security; urgency=medium

  * fake sync from Debian (LP: #1752306)

xmltooling (1.5.3-2+deb8u3) jessie-security; urgency=high

  * [2890d0c] New patches fixing CVE-2018-0489: additional data forgery flaws.
    These flaws allow for changes to an XML document that do not break a
    digital signature but alter the user data passed through to applications
    enabling impersonation attacks and exposure of protected information.
    https://shibboleth.net/community/advisories/secadv_20180227.txt
    https://issues.shibboleth.net/jira/browse/CPPXT-128
    The Add-disallowDoctype-to-parser-configuration.patch is not effective
    under Xerces 3.1 in jessie, but provides more generic protection under
    Xerces 3.2 against issues like CVE-2018-0486.  It's included here for
    completeness and to avoid a conflict applying the CVE-2018-0489 patch.

 -- Steve Beattie <email address hidden>  Tue, 20 Mar 2018 15:21:30 -0700

Upload details

Uploaded by:
Steve Beattie
Uploaded to:
Trusty
Original maintainer:
Debian Shib Team
Architectures:
any all
Section:
libs
Urgency:
Very Urgent

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
xmltooling_1.5.3.orig.tar.gz 659.5 KiB 90e453deb738574b04f1f1aa08ed7cc9d8746bcbf93eb59f401a6e38f2ec9574
xmltooling_1.5.3-2+deb8u3build0.14.04.1.debian.tar.gz 13.2 KiB e4bd8d0570bae4f270df76ef17430a68f7c53a8c6d85c7fea5dc491fa0bc14df
xmltooling_1.5.3-2+deb8u3build0.14.04.1.dsc 2.4 KiB 2bc1d2a9cac993c91b6c0b3040425f983aff3500053d795566b6e90cbcb3eabc

View changes file

Binary packages built by this source

libxmltooling-dev: C++ XML parsing library with encryption support (development)

 The XMLTooling library contains generic XML parsing and processing
 classes based on the Xerces-C DOM. It adds more powerful facilities
 for declaring element- and type-specific API and implementation
 classes to add value around the DOM, as well as signing and encryption
 support.
 .
 This package contains the headers and other necessary files to build
 applications or libraries that use or extend the XMLTooling library.

libxmltooling-doc: C++ XML parsing library with encryption support (API docs)

 The XMLTooling library contains generic XML parsing and processing
 classes based on the Xerces-C DOM. It adds more powerful facilities
 for declaring element- and type-specific API and implementation
 classes to add value around the DOM, as well as signing and encryption
 support.
 .
 This package contains the XMLTooling library API documentation generated
 by Doxygen.

libxmltooling6: C++ XML parsing library with encryption support (runtime)

 The XMLTooling library contains generic XML parsing and processing
 classes based on the Xerces-C DOM. It adds more powerful facilities for
 declaring element- and type-specific API and implementation classes, as
 well as signing and encryption support.
 .
 This package contains the files necessary for running applications that
 use the XMLTooling library.

libxmltooling6-dbgsym: debug symbols for package libxmltooling6

 The XMLTooling library contains generic XML parsing and processing
 classes based on the Xerces-C DOM. It adds more powerful facilities for
 declaring element- and type-specific API and implementation classes, as
 well as signing and encryption support.
 .
 This package contains the files necessary for running applications that
 use the XMLTooling library.

xmltooling-schemas: XML schemas for XMLTooling

 The XMLTooling library contains generic XML parsing and processing
 classes based on the Xerces-C DOM. It adds more powerful facilities for
 declaring element- and type-specific API and implementation classes, as
 well as signing and encryption support.
 .
 This package contains the XML schema files used by the XMLTooling
 library.