xmltooling 3.2.4-1 source package in Ubuntu

Changelog

xmltooling (3.2.4-1) unstable; urgency=medium

  * [f89bdd8] New upstream release: 3.2.4
    SECURITY: corrects a server-side request forgery (SSRF) vulnerability.
    From https://shibboleth.net/community/advisories/secadv_20230612.txt:
    # Parsing of KeyInfo elements can cause remote resource access
    Including certain legal but "malicious in intent" content in the
    KeyInfo element defined by the XML Signature standard will result
    in attempts by the SP's shibd process to dereference untrusted URLs.
    While the content of the URL must be supplied within the message
    and does not include any SP internal state or dynamic content,
    there is at minimum a risk of denial of service, and the attack
    could be combined with others to create more serious vulnerabilities
    in the future. (Closes: #1037948)
  * [79533dd] Delete upstreamed patch
  * [6ae406d] Remove Etienne Dysli Metref from Uploaders.
    Thanks for your work, Etienne, and best wishes for your future
    endeavors!

 -- Ferenc Wágner <email address hidden>  Wed, 14 Jun 2023 22:04:20 +0200

Upload details

Uploaded by:
Debian Shib Team
Uploaded to:
Sid
Original maintainer:
Debian Shib Team
Architectures:
any all
Section:
libs
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section
Mantic release universe libs

Downloads

File Size SHA-256 Checksum
xmltooling_3.2.4-1.dsc 2.7 KiB 4edc74ec811a553137450746453e7fb97f3fce9ab9263de8e26b4df63e291cbd
xmltooling_3.2.4.orig.tar.bz2 606.6 KiB 92db9b52f28f854ba2b3c3b5721dc18c8bd885c1e0d9397f0beb3415e88e3845
xmltooling_3.2.4.orig.tar.bz2.asc 833 bytes d2019312f4b934c17eaa3654e993599f61854d775c44f1b84ef1098e6c96a343
xmltooling_3.2.4-1.debian.tar.xz 17.4 KiB 6f2a941e7055f047f9434a52c4af857275403889b6aa5aa4e661c6865cb36b1f

No changes file available.

Binary packages built by this source

libxmltooling-dev: C++ XML parsing library with encryption support (development)

 The XMLTooling library contains generic XML parsing and
 processing classes based on the Xerces-C DOM. It adds more powerful facilities
 for declaring element- and type-specific API and implementation classes, as
 well as signing and encryption support.
 .
 This package contains the headers and other necessary files to build
 applications or libraries that use or extend the XMLTooling library.

libxmltooling-doc: C++ XML parsing library with encryption support (API docs)

 The XMLTooling library contains generic XML parsing and
 processing classes based on the Xerces-C DOM. It adds more powerful facilities
 for declaring element- and type-specific API and implementation classes, as
 well as signing and encryption support.
 .
 This package contains the XMLTooling library API documentation generated
 by Doxygen.

libxmltooling10: C++ XML parsing library with encryption support (runtime)

 The XMLTooling library contains generic XML parsing and
 processing classes based on the Xerces-C DOM. It adds more powerful facilities
 for declaring element- and type-specific API and implementation classes, as
 well as signing and encryption support.
 .
 This package contains the files necessary for running applications that
 use the XMLTooling library.

libxmltooling10-dbgsym: No summary available for libxmltooling10-dbgsym in ubuntu noble.

No description available for libxmltooling10-dbgsym in ubuntu noble.

xmltooling-schemas: XML schemas for XMLTooling

 The XMLTooling library contains generic XML parsing and
 processing classes based on the Xerces-C DOM. It adds more powerful facilities
 for declaring element- and type-specific API and implementation classes, as
 well as signing and encryption support.
 .
 This package contains the XML schema files used by the XMLTooling
 library.