xmltooling 3.2.4-1 source package in Ubuntu
Changelog
xmltooling (3.2.4-1) unstable; urgency=medium
* [f89bdd8] New upstream release: 3.2.4
SECURITY: corrects a server-side request forgery (SSRF) vulnerability.
From https://shibboleth.net/community/advisories/secadv_20230612.txt:
# Parsing of KeyInfo elements can cause remote resource access
Including certain legal but "malicious in intent" content in the
KeyInfo element defined by the XML Signature standard will result
in attempts by the SP's shibd process to dereference untrusted URLs.
While the content of the URL must be supplied within the message
and does not include any SP internal state or dynamic content,
there is at minimum a risk of denial of service, and the attack
could be combined with others to create more serious vulnerabilities
in the future. (Closes: #1037948)
* [79533dd] Delete upstreamed patch
* [6ae406d] Remove Etienne Dysli Metref from Uploaders.
Thanks for your work, Etienne, and best wishes for your future
endeavors!
-- Ferenc Wágner <email address hidden> Wed, 14 Jun 2023 22:04:20 +0200
Upload details
- Uploaded by:
- Debian Shib Team
- Uploaded to:
- Sid
- Original maintainer:
- Debian Shib Team
- Architectures:
- any all
- Section:
- libs
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section | |
|---|---|---|---|---|
| Mantic | release | universe | libs |
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| xmltooling_3.2.4-1.dsc | 2.7 KiB | 4edc74ec811a553137450746453e7fb97f3fce9ab9263de8e26b4df63e291cbd |
| xmltooling_3.2.4.orig.tar.bz2 | 606.6 KiB | 92db9b52f28f854ba2b3c3b5721dc18c8bd885c1e0d9397f0beb3415e88e3845 |
| xmltooling_3.2.4.orig.tar.bz2.asc | 833 bytes | d2019312f4b934c17eaa3654e993599f61854d775c44f1b84ef1098e6c96a343 |
| xmltooling_3.2.4-1.debian.tar.xz | 17.4 KiB | 6f2a941e7055f047f9434a52c4af857275403889b6aa5aa4e661c6865cb36b1f |
Available diffs
No changes file available.
Binary packages built by this source
- libxmltooling-dev: C++ XML parsing library with encryption support (development)
The XMLTooling library contains generic XML parsing and
processing classes based on the Xerces-C DOM. It adds more powerful facilities
for declaring element- and type-specific API and implementation classes, as
well as signing and encryption support.
.
This package contains the headers and other necessary files to build
applications or libraries that use or extend the XMLTooling library.
- libxmltooling-doc: C++ XML parsing library with encryption support (API docs)
The XMLTooling library contains generic XML parsing and
processing classes based on the Xerces-C DOM. It adds more powerful facilities
for declaring element- and type-specific API and implementation classes, as
well as signing and encryption support.
.
This package contains the XMLTooling library API documentation generated
by Doxygen.
- libxmltooling10: C++ XML parsing library with encryption support (runtime)
The XMLTooling library contains generic XML parsing and
processing classes based on the Xerces-C DOM. It adds more powerful facilities
for declaring element- and type-specific API and implementation classes, as
well as signing and encryption support.
.
This package contains the files necessary for running applications that
use the XMLTooling library.
- libxmltooling10-dbgsym: No summary available for libxmltooling10-dbgsym in ubuntu noble.
No description available for libxmltooling10
-dbgsym in ubuntu noble.
- xmltooling-schemas: XML schemas for XMLTooling
The XMLTooling library contains generic XML parsing and
processing classes based on the Xerces-C DOM. It adds more powerful facilities
for declaring element- and type-specific API and implementation classes, as
well as signing and encryption support.
.
This package contains the XML schema files used by the XMLTooling
library.
