-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 28 Feb 2018 10:39:05 +0100 Source: xmltooling Binary: libxmltooling7 libxmltooling-dev xmltooling-schemas libxmltooling-doc Architecture: source Version: 1.6.4-1 Distribution: unstable Urgency: high Maintainer: Debian Shib Team <pkg-shibboleth-devel@lists.alioth.debian.org> Changed-By: Ferenc Wágner <wferi@debian.org> Description: libxmltooling-dev - C++ XML parsing library with encryption support (development) libxmltooling-doc - C++ XML parsing library with encryption support (API docs) libxmltooling7 - C++ XML parsing library with encryption support (runtime) xmltooling-schemas - XML schemas for XMLTooling Changes: xmltooling (1.6.4-1) unstable; urgency=high . * [6c27b19] New upstream security release 1.6.4 DSA-4126-1, CVE-2018-0489: additional data forgery flaws These flaws allow for changes to an XML document that do not break a digital signature but alter the user data passed through to applications enabling impersonation attacks and exposure of protected information. https://shibboleth.net/community/advisories/secadv_20180227.txt https://issues.shibboleth.net/jira/browse/CPPXT-128 * [621ab19] Refresh our patches Checksums-Sha1: 55a70570b7ff2805349a1dd0a05e5f7cedf2d239 2462 xmltooling_1.6.4-1.dsc dea065379b611bbc0f1e9320fcb36662c7884d8a 581796 xmltooling_1.6.4.orig.tar.bz2 caa17312e4529c4a991bc447d899017b95ae3a51 71596 xmltooling_1.6.4-1.debian.tar.xz 2eaaad54cef5c67ff2c5575b013e8c9bf77211a9 9589 xmltooling_1.6.4-1_amd64.buildinfo Checksums-Sha256: 0caa468b564644d5f355ca2ed6807ed92d43babcef2afd494f08cf039fe71972 2462 xmltooling_1.6.4-1.dsc 4c0c4a08b8c55f1210673281f37fc95b6d1d365a8cdc726fd189dea96c45efca 581796 xmltooling_1.6.4.orig.tar.bz2 d9c12fa2723995d083382fe4798b801e4d3b05b90a9026140a375a39d06a5bae 71596 xmltooling_1.6.4-1.debian.tar.xz 0e3939bacbcd82a1576b16e084f24cecaca950c394948ea70f7e905101ea133a 9589 xmltooling_1.6.4-1_amd64.buildinfo Files: e44342f1fd7f88492bcae10cd6581a2c 2462 libs optional xmltooling_1.6.4-1.dsc 27dca3e406526430c465ce2582ea9ea1 581796 libs optional xmltooling_1.6.4.orig.tar.bz2 067ac8cd65422f0c05b2ff9981b8f2f8 71596 libs optional xmltooling_1.6.4-1.debian.tar.xz 02c018b87d2e96360f56af5ce66c7900 9589 libs optional xmltooling_1.6.4-1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEwddEx0RNIUL7eugtOsj3Fkd+2yMFAlqWj4kACgkQOsj3Fkd+ 2yOvwg//ec5QNcHcwBwaZ/xQQp0maCKyC9Sl2yCVLpnvnJXdu7kp7s7FuJ485TxL QH8Jh+rl1K15kgkYbev1/4EmL1wGvFmnYVGPebPxhHt3IQZqRWarwTWnNaPwqxYG QDNGlXa+OMTeGlZZDxI4SoNHbni2HxmSu9FfpnrU8EBZfOxS06ohh6REdPvgXh0n tSWJxC1lrvJZof3ltjhrg9GBr+4LJ6/WPq1xRr2u3P++8MIsF9ZbFwyzDE/y7Q/2 m6H12l01n0Pn76Kn4vmKEONDtiajWoEXNGFnMaQz9EK9w5UqUc6nafzvmMgB0QIH /I32ruW1nxNwAJxlOqWlruSrJDi1wh2L+fj8twtRwXYwwgylno/6HzObC32rCpC2 kPmGnoiN7qZgUdf7NgzwpHLfLQGzKuu+S3TjKcjMcTYVD1zREUTmXXslQjW4af12 Qj91xpYvIsJRyl8yhyWspJyOXKVXwbyxgaG3+zueQR2Gq7eqSkLB6/DYOKPuQu25 hF+kAaNBd7KSUxtVCPvKSZN51Vi3sHyJics3pNJvV+J3XuaQ9oSYP49tduclm8fX pydOyzAywTn+ywc+lOOvCMte38y0AxZz/Hynl7AQ//yUcfz+3vUxt3/qFNaRm7gC thU724cADAlWfL2HFYtxGaEu3k9p+XZrwZBbhssfTkeqXnzuxz0= =F9P5 -----END PGP SIGNATURE-----