-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 22 Sep 2009 19:23:54 -0700
Source: xmltooling
Binary: libxmltooling1 libxmltooling-dev xmltooling-schemas libxmltooling-doc
Architecture: source i386 all
Version: 1.0-2+lenny1
Distribution: stable-security
Urgency: high
Maintainer: Debian Shib Team <pkg-shibboleth-devel@lists.alioth.debian.org>
Changed-By: Russ Allbery <rra@debian.org>
Description:
 libxmltooling-dev - C++ XML parsing library with encryption support (development)
 libxmltooling-doc - C++ XML parsing library with encryption support (API docs)
 libxmltooling1 - C++ XML parsing library with encryption support (runtime)
 xmltooling-schemas - XML schemas for XMLTooling
Changes:
 xmltooling (1.0-2+lenny1) stable-security; urgency=high
 .
   * SECURITY: Certificate subject names were incorrectly matched against
     trusted "key names" when they contained nul characters.  This affects
     only Shibboleth deployments relying on the "PKIX" style of trust
     validation, used in the absence of explicit certificate information
     in the SAML metadata provided to the SP and reliance on certificate
     authorities found in the <KeyAuthority> metadata extension element.
     See <http://shibboleth.internet2.edu/secadv/secadv_20090817.txt>
   * SECURITY: Correctly handle decoding of malformed URLs, closing a
     possibly exploitable buffer overflow.
     See <http://shibboleth.internet2.edu/secadv/secadv_20090826.txt>
   * SECURITY: Correctly honor the "use" attribute of <KeyDescriptor> SAML
     metadata to honor restrictions to signing or encryption.  This is a
     partial fix; the complete fix also requires a new version of the
     OpenSAML library.
     See <http://shibboleth.internet2.edu/secadv/secadv_20090817a.txt>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkq6ci4ACgkQ+YXjQAr8dHYH7wCfZe1Zu957/xF/5ey3j9Y/9g6T
J4sAoNpbhWxQ1UxywCWtjGTDrj0s0Coq
=aCZM
-----END PGP SIGNATURE-----

Accepted:
libxmltooling-dev_1.0-2+lenny1_i386.deb
  to pool/main/x/xmltooling/libxmltooling-dev_1.0-2+lenny1_i386.deb
libxmltooling-doc_1.0-2+lenny1_all.deb
  to pool/main/x/xmltooling/libxmltooling-doc_1.0-2+lenny1_all.deb
libxmltooling1_1.0-2+lenny1_i386.deb
  to pool/main/x/xmltooling/libxmltooling1_1.0-2+lenny1_i386.deb
xmltooling-schemas_1.0-2+lenny1_all.deb
  to pool/main/x/xmltooling/xmltooling-schemas_1.0-2+lenny1_all.deb
xmltooling_1.0-2+lenny1.diff.gz
  to pool/main/x/xmltooling/xmltooling_1.0-2+lenny1.diff.gz
xmltooling_1.0-2+lenny1.dsc
  to pool/main/x/xmltooling/xmltooling_1.0-2+lenny1.dsc