Package: libxmltooling8 Version: 3.0.4-1 Severity: important Tags: upstream
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Dear Maintainer, According to an upstream bug report [1], xmltooling versions 3.0.0 to 3.0.4 suffer from a race condition bug that leads to a crash under load. This bug affects the Shibboleth Service Provider (SP) software (source package: shibboleth-sp) which is the main user of libxmltooling. The only way to avoid this crash is to disable the "session recovery" feature which was introduced in the SP version 3 [2, 3]. Upstream has released xmltooling version 3.0.5 especially to fix that bug. Since this new release is already in Debian unstable (thanks!), please consider uploading it to stable as well, so that the new session recovery feature works without crashing the whole SP. Sincerely, Etienne [1] https://issues.shibboleth.net/jira/browse/CPPXT-145 [2] https://wiki.shibboleth.net/confluence/display/SP3/SessionCache [3] https://shibboleth.net/pipermail/dev/2019-September/010552.html - -- System Information: Debian Release: buster/sid APT prefers bionic-updates APT policy: (500, 'bionic-updates'), (500, 'bionic-security'), (500, 'bionic'), (100, 'bionic-backports') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 5.3.0-26-generic (SMP w/16 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEELcQv7Fsn8jFmeD9mw2QssxGaOsAFAl4xTwwACgkQw2QssxGa OsCn5w/9HZRi93Lcgj43qYYx/LxSFRCNMYbRAF5CA0HcrTxuItkbcdUO8BiWGJOF 29fsxkEcNVaDJkPxKS5GiePG6LqcTyTbEy5mf/ib4cQpDB67QrJ+fo18TIOA1H0q M7DC6PazwrAJg2i4qTiZG+7SO4YXArFktDZRfLM1lwtVpblwG9QUmh5R7JlBLFDN aX8ou6L+hDMl0pLUCzBYBBve7IxT5Kz7vSNVwTCDLDh9uofXJ3ghVadiRwzJnfHX wCQ7V3Ghtm0BWe3KZgiutl0SvnQUMAeT4WsGy/BJ/zmz6Qx4N1rm5hSBsDMuPON0 wFR6kzRlBPP0i+AYbs5XGZ10e3R9q75yfAnILxGsuRk7M5EjSFd7lHfroWBuNtQ6 Whx0AFs985HT9Fv+cjAP7Aj3lA3Kw97FX4txyKLVGpoNSwz6/qHEMD+ZcFiZlyuP MinbAIOzdKwNWO5NJKozLdHI4sOwfjze/RhWtWriUvsLx5+gUDDKsKZH1kVroMz/ C22i4pgDzOYcAd7lFpVPkGKFP6kcGHEqOpFEsvfUs9UFscRM6j5/ChYuc0fE+VVd MepFqGuaqH4c24A370IBuNHeAPK9wZdVVqmqIipU8136hGu25B37vyG2HpEbkOLM TQtAezafUtiLphMLKSOlWBq+3S+6LeyhXblaDB+ZRyCvNPV/ZUg= =sqMu -----END PGP SIGNATURE-----