Accepted xmltooling 1.5.3-2+deb8u4 (source i386 all) into oldstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 12 Mar 2019 15:26:39 +0100
Source: xmltooling
Binary: libxmltooling6 libxmltooling-dev xmltooling-schemas libxmltooling-doc
Architecture: source i386 all
Version: 1.5.3-2+deb8u4
Distribution: jessie-security
Urgency: high
Maintainer: Debian Shib Team <pkg-shibboleth-devel@lists.alioth.debian.org>
Changed-By: Ferenc Wágner <wferi@debian.org>
Description:
libxmltooling-dev - C++ XML parsing library with encryption support (development)
libxmltooling-doc - C++ XML parsing library with encryption support (API docs)
libxmltooling6 - C++ XML parsing library with encryption support (runtime)
xmltooling-schemas - XML schemas for XMLTooling
Closes: 924346
Changes:
xmltooling (1.5.3-2+deb8u4) jessie-security; urgency=high
.
* [74cd214] New patch fixing CVE-2019-9628: uncaught exception on malformed
XML declaration.
Invalid data in the XML declaration causes an exception of a type
that was not handled properly in the parser class and propagates an
unexpected exception type.
This generally manifests as a crash in the calling code, which in the
Service Provider software's case is usually the shibd daemon process,
but can be Apache in some cases. Note that the crash occurs prior to
evaluation of a message's authenticity, so can be exploited by an
untrusted attacker.
https://shibboleth.net/community/advisories/secadv_20190311.txt
https://issues.shibboleth.net/jira/browse/CPPXT-143
Thanks to Scott Cantor (Closes: #924346)
Checksums-Sha1:
6922b2735985b4b9e56e952fbf0b0b8807a464de 2433 xmltooling_1.5.3-2+deb8u4.dsc
aa993c3b80c58858a2f2e20fa7b94a06b9cb24d7 12772 xmltooling_1.5.3-2+deb8u4.debian.tar.xz
2c8424ef6d89c15b49b637efbc76d503db70f8ec 590114 libxmltooling6_1.5.3-2+deb8u4_i386.deb
b05f7c3939660b883b1de6080e1d11b3d8aa80c0 72830 libxmltooling-dev_1.5.3-2+deb8u4_i386.deb
c3a5c4042f60a672d9c805d0787b3142d8f9fa67 17216 xmltooling-schemas_1.5.3-2+deb8u4_all.deb
570e74bc15187261e6752c1864fe3fa5cf93a7c6 466330 libxmltooling-doc_1.5.3-2+deb8u4_all.deb
Checksums-Sha256:
8b25f2f4cb4a1f3acdc5b53d07e771deb14df2f7cf74aedd5a17151b9d721f77 2433 xmltooling_1.5.3-2+deb8u4.dsc
5bb7dd5036ca065a47c50be81a15cf070c2baa59782efd9667a6adb2d93a31db 12772 xmltooling_1.5.3-2+deb8u4.debian.tar.xz
7e3640c3a60aecf4fc28cb3805c22606d0094ed7c2fddd5826b98eab945c1971 590114 libxmltooling6_1.5.3-2+deb8u4_i386.deb
726e55d336ab9b79baf37983b025e54cb7ff9f0be4a2865dd8cefe2dee829ea3 72830 libxmltooling-dev_1.5.3-2+deb8u4_i386.deb
7aef3d5505a7f5dd95e7b23b5b932c1c2f743722a30bfaaa3bc15e4176330d25 17216 xmltooling-schemas_1.5.3-2+deb8u4_all.deb
12605cfbc8c46aebacbb1f0ec2e069685fb3905aa075ae8984889deac1b11eb6 466330 libxmltooling-doc_1.5.3-2+deb8u4_all.deb
Files:
5a466c8164204b3c0d3497ef98d1c12f 2433 libs extra xmltooling_1.5.3-2+deb8u4.dsc
e255977234adc02f58d33a633ebc695e 12772 libs extra xmltooling_1.5.3-2+deb8u4.debian.tar.xz
15b1de6e0ff7ba51f66adb1334668708 590114 libs extra libxmltooling6_1.5.3-2+deb8u4_i386.deb
970f78e24f7c2b820936201df319848b 72830 libdevel extra libxmltooling-dev_1.5.3-2+deb8u4_i386.deb
8ea498ccfcb6a1d1c43d2b1d21bb722a 17216 text extra xmltooling-schemas_1.5.3-2+deb8u4_all.deb
bb718a2f4c322417cbe0548177c8e133 466330 doc extra libxmltooling-doc_1.5.3-2+deb8u4_all.deb
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEwddEx0RNIUL7eugtOsj3Fkd+2yMFAlyHydoACgkQOsj3Fkd+
2yOiCw/+Iqgk2FWPTNBg9iBhC/5BskmSMzMe0ygtZeFQUhGla0PzAQmgiRpxh8pK
wSJO51EOq2UqISMxssNy+JM/5BHzvkBCjUpyGTQM/9RIWlouizPk2Dx/T+EzEqvz
jtQOPxxdJOFU9w/CLQeuY8QUFyeeLvCNfLlJogQw312dAdayg7arHtNtFed2xcwc
j/kGyHK1t8AN7I8cbBk9zskdHsV/TEmGDuZKxbOtxbjL74LSI8Q/l1DC2fROXryr
WURhkzlG93CDnVs/m6xyhFWz+FyWzWRGEi5lvMci0zAHq08vDx36Gh5GhK19seYS
iHLmKR0+XlNUT/haSeInSNzNPIERBfalVKmEaniN8wyQLoTDa7tf7ihIiD1WT1SL
7BqIUX+1UMofVC6XRbrsfPniZO5CHjUkNw/lO3B3nqN09cdsblpdex8SohEoHRvo
yI7ijqGB2vtp30H9onzQ9wwowRNInEscgBsAPOlFoVlKtT/gIofSDRH+KRgtneTp
51JsmQB0b7QlUnt/sg74REye3L8EAPq6rJdZ6g7nINhPRoUnq2DbOG2d6ETvQVNb
PirdRFbozilJxUFpbVffRBGv7tcyDaDXGV/Ciz5+90jVJYv1bsZHyFoQVIzHEZ5D
jOxFpQ1mhUYtnAAjm6cZAkDjlOiHgXKI75nYI7z3RuHUVcY8ygo=
=gqO6
-----END PGP SIGNATURE-----