xmltooling Debian release 1.5.3-2+deb8u3
Format: 1.8
Date: Thu, 22 Feb 2018 09:50:20 +0100
Source: xmltooling
Binary: libxmltooling6 libxmltooling-dev xmltooling-schemas libxmltooling-doc
Architecture: source i386 all
Version: 1.5.3-2+deb8u3
Distribution: jessie-security
Urgency: high
Maintainer: Debian Shib Team <pkg-shibboleth-devel@lists.alioth.debian.org>
Changed-By: Ferenc Wágner <wferi@debian.org>
Description:
 libxmltooling-dev - C++ XML parsing library with encryption support (development)
 libxmltooling-doc - C++ XML parsing library with encryption support (API docs)
 libxmltooling6 - C++ XML parsing library with encryption support (runtime)
 xmltooling-schemas - XML schemas for XMLTooling
Changes:
 xmltooling (1.5.3-2+deb8u3) jessie-security; urgency=high
 .
   * [2890d0c] New patches fixing CVE-2018-0489: additional data forgery flaws.
     These flaws allow for changes to an XML document that do not break a
     digital signature but alter the user data passed through to applications
     enabling impersonation attacks and exposure of protected information.
     https://shibboleth.net/community/advisories/secadv_20180227.txt
     https://issues.shibboleth.net/jira/browse/CPPXT-128
     The Add-disallowDoctype-to-parser-configuration.patch is not effective
     under Xerces 3.1 in jessie, but provides more generic protection under
     Xerces 3.2 against issues like CVE-2018-0486. It's included here for
     completeness and to avoid a conflict applying the CVE-2018-0489 patch.