xmltooling_3.0.4-1_source.changes ACCEPTED into unstable

Debian FTP Masters ftpmaster at ftp-master.debian.org
Thu Mar 14 15:20:27 GMT 2019



Accepted:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 14 Mar 2019 14:58:36 +0100
Source: xmltooling
Architecture: source
Version: 3.0.4-1
Distribution: unstable
Urgency: high
Maintainer: Debian Shib Team <pkg-shibboleth-devel at lists.alioth.debian.org>
Changed-By: Ferenc Wágner <wferi at debian.org>
Closes: 924346
Changes:
 xmltooling (3.0.4-1) unstable; urgency=high
 .
   * [f185b26] New upstream security release: 3.0.4
     DSA-4407-1, CVE-2019-9628: uncaught exception on malformed XML
     declaration.
     Invalid data in the XML declaration causes an exception of a type
     that was not handled properly in the parser class and propagates an
     unexpected exception type.
     This generally manifests as a crash in the calling code, which in the
     Service Provider software's case is usually the shibd daemon process,
     but can be Apache in some cases. Note that the crash occurs prior to
     evaluation of a message's authenticity, so can be exploited by an
     untrusted attacker.
     https://shibboleth.net/community/advisories/secadv_20190311.txt
     https://issues.shibboleth.net/jira/browse/CPPXT-143
     Thanks to Scott Cantor (Closes: #924346)

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----


Thank you for your contribution to Debian.


