Format: 1.8
Date: Thu, 14 Mar 2019 14:58:36 +0100
Source: xmltooling
Architecture: source
Version: 3.0.4-1
Distribution: unstable
Urgency: high
Maintainer: Debian Shib Team <pkg-shibboleth-de...@lists.alioth.debian.org>
Changed-By: Ferenc Wágner <wf...@debian.org>
Closes: 924346
Changes:
 xmltooling (3.0.4-1) unstable; urgency=high
 .
   * [f185b26] New upstream security release: 3.0.4
     DSA-4407-1, CVE-2019-9628: uncaught exception on malformed XML declaration.
     Invalid data in the XML declaration causes an exception of a type that
     was not handled properly in the parser class and propagates an
     unexpected exception type. This generally manifests as a crash in the
     calling code, which in the Service Provider software's case is usually
     the shibd daemon process, but can be Apache in some cases. Note that the
     crash occurs prior to evaluation of a message's authenticity, so can be
     exploited by an untrusted attacker.
     https://shibboleth.net/community/advisories/secadv_20190311.txt
     https://issues.shibboleth.net/jira/browse/CPPXT-143
     Thanks to Scott Cantor (Closes: #924346)