xmltooling_1.5.3-2+deb8u3_i386.changes ACCEPTED into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates

Debian FTP Masters ftpmaster at ftp-master.debian.org
Sat Mar 10 23:18:27 UTC 2018



Accepted:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 22 Feb 2018 09:50:20 +0100
Source: xmltooling
Binary: libxmltooling6 libxmltooling-dev xmltooling-schemas libxmltooling-doc
Architecture: source i386 all
Version: 1.5.3-2+deb8u3
Distribution: jessie-security
Urgency: high
Maintainer: Debian Shib Team <pkg-shibboleth-devel at lists.alioth.debian.org>
Changed-By: Ferenc Wágner <wferi at debian.org>
Description:
 libxmltooling-dev - C++ XML parsing library with encryption support (development)
 libxmltooling-doc - C++ XML parsing library with encryption support (API docs)
 libxmltooling6 - C++ XML parsing library with encryption support (runtime)
 xmltooling-schemas - XML schemas for XMLTooling
Changes:
 xmltooling (1.5.3-2+deb8u3) jessie-security; urgency=high
 .
   * [2890d0c] New patches fixing CVE-2018-0489: additional data forgery flaws.
     These flaws allow for changes to an XML document that do not break a
     digital signature but alter the user data passed through to applications
     enabling impersonation attacks and exposure of protected information.
     https://shibboleth.net/community/advisories/secadv_20180227.txt
     https://issues.shibboleth.net/jira/browse/CPPXT-128
     The Add-disallowDoctype-to-parser-configuration.patch is not effective
     under Xerces 3.1 in jessie, but provides more generic protection under
     Xerces 3.2 against issues like CVE-2018-0486.  It's included here for
     completeness and to avoid a conflict applying the CVE-2018-0489 patch.
Checksums-Sha1:
 347e378fedd61c382630cc3ff731efd8819531bb 2433 xmltooling_1.5.3-2+deb8u3.dsc
 05b738249cbb42238db4800a18cba2ff8e8798bc 12184 xmltooling_1.5.3-2+deb8u3.debian.tar.xz
 399609750c99a4e52cead45366eb076781aff3ff 589136 libxmltooling6_1.5.3-2+deb8u3_i386.deb
 9decbddab46d7f3fe15c696ab8bf8adf3c2c38f1 72542 libxmltooling-dev_1.5.3-2+deb8u3_i386.deb
 5c774c84738c584b31636876af72c374b9f36b0d 16938 xmltooling-schemas_1.5.3-2+deb8u3_all.deb
 cd15fd92cdd1075bd4bc355ee99ee6c25ea31544 465924 libxmltooling-doc_1.5.3-2+deb8u3_all.deb
Checksums-Sha256:
 174ad948d9d0a80d2e7f4db52a2f9a7aa847a29b2da78b7cc14b099b8f22e8b9 2433 xmltooling_1.5.3-2+deb8u3.dsc
 845d61d0be82d61a96f1b2eaf4372b2b4da01985e9ac2cfa6efe4cd1529616eb 12184 xmltooling_1.5.3-2+deb8u3.debian.tar.xz
 b817f8166bdcd53ad3789b971190dc11a580839485a0b70315f48a58c1c659be 589136 libxmltooling6_1.5.3-2+deb8u3_i386.deb
 c53cda9fe0a65a8ba84c0cf1aad7196ca3b1e576a4d3785e13f950aad83e7a06 72542 libxmltooling-dev_1.5.3-2+deb8u3_i386.deb
 7f756ea367edd0418292a43b4125b79979024ff8731ac6deb27a072175637039 16938 xmltooling-schemas_1.5.3-2+deb8u3_all.deb
 09170e6b7f6f8cf9581f7287af27bf179f5628a0cb46620f1fc901ae177fdc4a 465924 libxmltooling-doc_1.5.3-2+deb8u3_all.deb
Files:
 d6dbd8367b5f2a292f7ddc26a3bc988b 2433 libs extra xmltooling_1.5.3-2+deb8u3.dsc
 089a184270592f78fced1be4217389a2 12184 libs extra xmltooling_1.5.3-2+deb8u3.debian.tar.xz
 7ae8eb2f066f98033a872e1f27fcc7e4 589136 libs extra libxmltooling6_1.5.3-2+deb8u3_i386.deb
 db1a5bff184098b1e90221fa5f6efde4 72542 libdevel extra libxmltooling-dev_1.5.3-2+deb8u3_i386.deb
 0011793f82dea9ae2c4d51a74ea2132c 16938 text extra xmltooling-schemas_1.5.3-2+deb8u3_all.deb
 8b67b75ed5c4ca4187699b7b046bb86f 465924 doc extra libxmltooling-doc_1.5.3-2+deb8u3_all.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEwddEx0RNIUL7eugtOsj3Fkd+2yMFAlqOhiMACgkQOsj3Fkd+
2yORSxAAmR43R/GqxdQSoHAtHUGecDapx6Z+xtbwBG/9dm5Sz2OhdlVAKTW2kiIa
WNRQzHtdoFjBMkJVHGQpeXWD0EpZJj7ntyOaYkjJ3eQb4FCdzWniGURJ1qtFwztp
fXYijC+AkYyNn+Ix/pf4cjZztzvdzuIe0hRD6X5YK9D/hEFT6mThmXGk7/YApCud
qpbJGKp2zQ5yM+Uh+lijajhaHnKx0/gSfiAbHbNDYscFyNi1KHv4FMbVByx5cGRA
SFnkQOfJCJOiLmxciWoPUUQKcUwo9vahDDPrNKWCvBovVEqNWvSAMdmK4mluVgEa
82Ibg3V9jcnlgq0dgZOD+0HYDHOjP5LEw8OhGdWl7s0qr8u/esQABLanVPmyUITl
R2sRLemb3HapPMoxVSHtCPOY1muLr1g6TqB28VRzKMM0cIr8lq9KnR4qv6zNojyL
EGmqjuu6beXtdxxi0+XSCi41E1riL++LiAJI3NcTctTe5vWvbK8xq/gd/OobjUo0
WYDGm3lBdsMW3CF+KR1/sxRyjr2oSqw6STh/bYsf3wcRuTgwO8iMmS8Wr99nX8W4
K4nUhLRcRwSaFsLLMvmRmdESzYJVtSy2m/UNeyHAK8n+gizpytzf+MIJ2zBuzUEV
1kqh1bjAWVOLvIz92cJBoYo+oN5VyucPvi3U+W1tb8XZgqIdo8I=
=tcfV
-----END PGP SIGNATURE-----


Thank you for your contribution to Debian.



More information about the Pkg-shibboleth-devel mailing list