xmltooling Debian release 3.0.4-1

Format: 1.8
Date: Thu, 14 Mar 2019 14:58:36 +0100
Source: xmltooling
Architecture: source
Version: 3.0.4-1
Distribution: unstable
Urgency: high
Maintainer: Debian Shib Team <pkg-shibboleth-devel@lists.alioth.debian.org>
Changed-By: Ferenc Wágner <wferi@debian.org>
Closes: 924346
Changes:
 xmltooling (3.0.4-1) unstable; urgency=high
 .
   * [f185b26] New upstream security release: 3.0.4
     DSA-4407-1, CVE-2019-9628: uncaught exception on malformed XML
     declaration.
     Invalid data in the XML declaration causes an exception of a type that
     was not handled properly in the parser class and propagates an
     unexpected exception type. This generally manifests as a crash in the
     calling code, which in the Service Provider software's case is usually
     the shibd daemon process, but can be Apache in some cases. Note that the
     crash occurs prior to evaluation of a message's authenticity, so can be
     exploited by an untrusted attacker.
     https://shibboleth.net/community/advisories/secadv_20190311.txt
     https://issues.shibboleth.net/jira/browse/CPPXT-143
     Thanks to Scott Cantor (Closes: #924346)