xmltooling 3.0.4-1 source package in Ubuntu
Changelog
xmltooling (3.0.4-1) unstable; urgency=high
* [f185b26] New upstream security release: 3.0.4
DSA-4407-1, CVE-2019-9628: uncaught exception on malformed XML
declaration.
Invalid data in the XML declaration causes an exception of a type
that was not handled properly in the parser class and propagates an
unexpected exception type.
This generally manifests as a crash in the calling code, which in the
Service Provider software's case is usually the shibd daemon process,
but can be Apache in some cases. Note that the crash occurs prior to
evaluation of a message's authenticity, so can be exploited by an
untrusted attacker.
https://shibboleth.net/community/advisories/secadv_20190311.txt
https://issues.shibboleth.net/jira/browse/CPPXT-143
Thanks to Scott Cantor (Closes: #924346)
-- Ferenc Wágner <email address hidden> Thu, 14 Mar 2019 14:58:36 +0100
Upload details
- Uploaded by:
- Debian Shib Team
- Uploaded to:
- Sid
- Original maintainer:
- Debian Shib Team
- Architectures:
- any all
- Section:
- libs
- Urgency:
- Very Urgent
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| xmltooling_3.0.4-1.dsc | 2.6 KiB | 7597c2b1c21205527531648443586d4b32b6937652e72dedfbcdbb6be9e31bfc |
| xmltooling_3.0.4.orig.tar.bz2 | 594.2 KiB | bb87febe730f97fc58f6f6b6782d7ab89bf240944dd6e5f1c1d9681254bb9a88 |
| xmltooling_3.0.4.orig.tar.bz2.asc | 833 bytes | d25e2b86fe37f1764ce6262bf6741f378164b1883d5438cd8c8ccc6e7bbd6948 |
| xmltooling_3.0.4-1.debian.tar.xz | 51.7 KiB | 013d771ee9f5be8f1a7268a379e36bf2a5909172612d1314a3af3a90b0ad59e0 |
Available diffs
- diff from 3.0.3-1 to 3.0.4-1 (3.7 KiB)
No changes file available.
Binary packages built by this source
- libxmltooling-dev: No summary available for libxmltooling-dev in ubuntu eoan.
No description available for libxmltooling-dev in ubuntu eoan.
- libxmltooling-doc: No summary available for libxmltooling-doc in ubuntu disco.
No description available for libxmltooling-doc in ubuntu disco.
- libxmltooling8: C++ XML parsing library with encryption support (runtime)
The XMLTooling library contains generic XML parsing and
processing classes based on the Xerces-C DOM. It adds more powerful facilities
for declaring element- and type-specific API and implementation classes, as
well as signing and encryption support.
.
This package contains the files necessary for running applications that
use the XMLTooling library.
- libxmltooling8-dbgsym: No summary available for libxmltooling8-dbgsym in ubuntu disco.
No description available for libxmltooling8-
dbgsym in ubuntu disco.
- xmltooling-schemas: XML schemas for XMLTooling
The XMLTooling library contains generic XML parsing and
processing classes based on the Xerces-C DOM. It adds more powerful facilities
for declaring element- and type-specific API and implementation classes, as
well as signing and encryption support.
.
This package contains the XML schema files used by the XMLTooling
library.
