[SCM] Debian packaging for XMLTooling-C branch, debian, updated. upstream/1.2.2-71-g963dec2
Russ Allbery
rra at debian.org
Fri Nov 6 19:18:05 UTC 2009
The following commit has been merged in the debian branch:
commit 963dec2eb9a513001e633f8437cd0f2fff9c9e86
Author: Russ Allbery <rra at debian.org>
Date: Fri Nov 6 11:16:56 2009 -0800
Add initial changelog for 1.3-1
diff --git a/debian/changelog b/debian/changelog
index a358f3e..15060ce 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,20 @@
+xmltooling (1.3-1) UNRELEASED; urgency=high
+
+ * Urgency set to high for security fix.
+ * New upstream release.
+ - SECURITY: Partial fix for improper handling of URLs that could be
+ abused for script injection and other cross-site scripting attacks.
+ The complete fix also requires newer opensaml2 and shibboleth-sp2
+ packages. (CVE-2009-3300)
+ - Add setter for KeyInfoResolver object.
+ - Fix extraction of cert info for UTF-8 handling changes.
+ - Fix passing of TransportOption configuration to cURL.
+ - Fix instability in reusing a DOM after signing it.
+ - Remove xmlns:xml namespace declaration when marshalling and
+ unmarshalling to avoid canonicalization bugs.
+
+ -- Russ Allbery <rra at debian.org> Fri, 06 Nov 2009 11:16:43 -0800
+
xmltooling (1.2.2-1) unstable; urgency=high
* Urgency set to high for security fix.
--
Debian packaging for XMLTooling-C
More information about the Pkg-shibboleth-devel
mailing list