-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 28 Feb 2018 22:59:23 +0100 Source: xmltooling Binary: libxmltooling5 libxmltooling-dev xmltooling-schemas libxmltooling-doc Architecture: source amd64 all Version: 1.4.2-5+deb7u3 Distribution: wheezy-security Urgency: high Maintainer: Debian Shib Team <pkg-shibboleth-devel@lists.alioth.debian.org> Changed-By: Markus Koschany <apo@debian.org> Description: libxmltooling-dev - C++ XML parsing library with encryption support (development) libxmltooling-doc - C++ XML parsing library with encryption support (API docs) libxmltooling5 - C++ XML parsing library with encryption support (runtime) xmltooling-schemas - XML schemas for XMLTooling Changes: xmltooling (1.4.2-5+deb7u3) wheezy-security; urgency=high . * Non-maintainer upload by the LTS team. * Kelby Ludwig and Scott Cantor discovered that the Shibboleth service provider is vulnerable to impersonation attacks and information disclosure due to incorrect XML parsing. For additional details please refer to the upstream advisory at https://shibboleth.net/community/advisories/secadv_20180227.txt Checksums-Sha1: d0a0c636e8cdf8b730577fda3d73537242f36a3d 2497 xmltooling_1.4.2-5+deb7u3.dsc 9f1805384a25205135af170504d922e0b2a8b15b 11910 xmltooling_1.4.2-5+deb7u3.debian.tar.gz 1e4519b8867501bfac59c9d7119aa0baa4b0d358 887278 libxmltooling5_1.4.2-5+deb7u3_amd64.deb b7c7eb9164aee18a647dfa061690bb5598144c47 83144 libxmltooling-dev_1.4.2-5+deb7u3_amd64.deb 8e36b2feff85a95fa5edd5a2b83876db25ea4f5e 16344 xmltooling-schemas_1.4.2-5+deb7u3_all.deb c0c0f33e74eb6f56a901508962927e2834cd3fe2 6099954 libxmltooling-doc_1.4.2-5+deb7u3_all.deb Checksums-Sha256: 4c7316f41c906b42f229c5e5008d5fd2beed01ecca1ac6f1c713c65eb086e9de 2497 xmltooling_1.4.2-5+deb7u3.dsc 3a03604d219a5bb19a98a5b12734e88b4f95db4f2a3eddacfe96089594e8b2cc 11910 xmltooling_1.4.2-5+deb7u3.debian.tar.gz 29d034872516ad31732e1ac678d0876a4c56e1b14792343546f6324288b477db 887278 libxmltooling5_1.4.2-5+deb7u3_amd64.deb d0ac3d1e24ec722bef889555a3cbaf1f36320089c5d6ead7d794e40ca810b2d5 83144 libxmltooling-dev_1.4.2-5+deb7u3_amd64.deb 6c35578cd8666e44e6642cb7fff45a8a5c52b2b7eb037016ada6d4c0d6010666 16344 xmltooling-schemas_1.4.2-5+deb7u3_all.deb 2eecc90ab2c6f5fbaeac7c6d148c0b3bc074aa52c6b71c834acbe375b36f36ca 6099954 libxmltooling-doc_1.4.2-5+deb7u3_all.deb Files: 9c6e08a0dbdce847b002ce694fe25036 2497 libs extra xmltooling_1.4.2-5+deb7u3.dsc b98dcf7d1e0f3b31d12183a55806f9aa 11910 libs extra xmltooling_1.4.2-5+deb7u3.debian.tar.gz 09a1347bf22f65d18a1e3cd1f6d6cca5 887278 libs extra libxmltooling5_1.4.2-5+deb7u3_amd64.deb e2d26e8a2a2a117d79a13c395c14f9e5 83144 libdevel extra libxmltooling-dev_1.4.2-5+deb7u3_amd64.deb 681a6d9456f80f83456f2f2c0962a53f 16344 text extra xmltooling-schemas_1.4.2-5+deb7u3_all.deb 033da7d2f4828afa2789906e240e3c43 6099954 doc extra libxmltooling-doc_1.4.2-5+deb7u3_all.deb -----BEGIN PGP SIGNATURE----- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlqXMRRfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HkNgEQAJM69qyX/nslXisoCuqOpnGDQE3WPPg+8/zD QKHoALj0wpVNhKtSEOZPn8/XaqNUA0zgnQcaBRk0qpzjwIo397TrOBd3iNfqsjYj 1brPaP+ESdvYDAC29IA5Wl128GWyWIEa1B41DOI47An1m1tN9QrPxDk+DQH5BUuI dcRkxc8bL+pMxkZjlSlNgDH3UI3WSpm4L45QmitWGPO5MOtyjhz4yWDrHox0VY46 dJ0ehZJB0KhebcxZZZ2pWcNloA7tb4/McHWj3hCHsG/4ovT35JU9Otgpb7XO3cLt g5ef1g4bV0YGujY6huv4uMZ9T13bEpiCMwQNkdgjxg5H6l/BzoBc9wPjPuD+PVJa jQkd28fZL8WjBZBpd3njjnnCDRyiiaWO1AewyKtG2+tu2A2WJ3r+mC9gnAuFexjO ek5sAHFdDOByj5+2YeJpwO8UgGDUPxjahDHaHEKYZDRae3LRN2W2PE8lbKyRSMES oF2kvFkZ4h6514IaLwLvsQHPa4IwfKzmpnKLyaxESkwBk0GQPeZbwNDde8AfGP6n xRJ+zpIn816UiYExaF+s7PFiXTiQxGbYMgqPNi8lux9ZMpJNAbBRpFHnoR8cEPC7 3uCWR90UT8m0wo2jdjOtMKUuw9ibV0x77pogRUwSWZprKkhxCkfJ/Rrcyq5kAxLe rgsiNVE4 =jCLA -----END PGP SIGNATURE-----