Change logs for xmltooling source package in Bookworm

xmltooling (3.2.3-1+deb12u1) bookworm-security; urgency=high

  * [9e43891] New patch: CPPXT-157 - Install blocking URI resolver into
    Santuario.
    Fix a denial of service vulnerability: Parsing of KeyInfo elements can
    cause remote resource access.
    Including certain legal but "malicious in intent" content in the
    KeyInfo element defined by the XML Signature standard will result
    in attempts by the SP's shibd process to dereference untrusted
    URLs.
    While the content of the URL must be supplied within the message
    and does not include any SP internal state or dynamic content,
    there is at minimum a risk of denial of service, and the attack
    could be combined with others to create more serious vulnerabilities
    in the future.
    Thanks to Scott Cantor for the fix. (Closes: #1037948)

 -- Ferenc Wágner <email address hidden>  Wed, 14 Jun 2023 18:52:03 +0200

xmltooling (3.2.3-1) unstable; urgency=medium

  [ Ferenc Wágner ]
  * [f776702] New upstream release: 3.2.3
  * [bf7fe22] Drop upstream patch released in 3.2.2
  * [13f222e] Update Standards-Version to 4.6.2 (no changes required)
  * [952bc0e] Update debian/* copyright year
  * [4fef307] New patch: Fix capitalization of CipherReference.xml file name
  * [aa7f313] Add repository info to upstream metadata

  [ Debian Janitor ]
  * [a511f55] Set upstream metadata fields: Bug-Submit (from ./configure).
    Changes-By: lintian-brush
    Fixes: lintian: upstream-metadata-file-is-missing
  * [17d19f6] Remove constraints unnecessary since buster (oldstable)
    Changes-By: deb-scrub-obsolete

 -- Ferenc Wágner <email address hidden>  Wed, 11 Jan 2023 22:42:18 +0100