xmltooling 3.2.0-3+deb11u1 source package in Debian

Changelog

xmltooling (3.2.0-3+deb11u1) bullseye-security; urgency=high

  * [6afa199] New patch: CPPXT-157 - Install blocking URI resolver into
    Santuario.
    Fix a denial of service vulnerability: Parsing of KeyInfo elements can
    cause remote resource access.
    Including certain legal but "malicious in intent" content in the
    KeyInfo element defined by the XML Signature standard will result
    in attempts by the SP's shibd process to dereference untrusted
    URLs.
    While the content of the URL must be supplied within the message
    and does not include any SP internal state or dynamic content,
    there is at minimum a risk of denial of service, and the attack
    could be combined with others to create more serious vulnerabilities
    in the future.
    Thanks to Scott Cantor for the fix. (Closes: #1037948)

 -- Ferenc Wágner <email address hidden>  Wed, 14 Jun 2023 22:44:03 +0200

Upload details

Uploaded by: Debian Shib Team
Uploaded to: Bullseye
Original maintainer: Debian Shib Team
Architectures: any all
Section: libs
Urgency: Very Urgent

Publishing

Series Pocket Published Component Section
Bullseye release main libs

Downloads

File Size SHA-256 Checksum
xmltooling_3.2.0-3+deb11u1.dsc 2.5 KiB 04fc132929de9741b71c9ebf804a645a053cb3575a4f1f8aa886dc0ef638bed6
xmltooling_3.2.0.orig.tar.bz2 594.5 KiB 635ce0e912d8fbd450103c274237067923efac3e1b3662b4d3040f3ac5eb2e86
xmltooling_3.2.0-3+deb11u1.debian.tar.xz 18.2 KiB 97fe34c11a2e10dae3b926ddecf0498561c60d27371cb3d05220505a25ef590f

No changes file available.
