xmltooling_1.3.1-1~bpo50+1_i386.changes is NEW
libxmltooling-dev_1.3.1-1~bpo50+1_i386.deb
to pool/main/x/xmltooling/libxmltooling-dev_1.3.1-1~bpo50+1_i386.deb
libxmltooling-doc_1.3.1-1~bpo50+1_all.deb
to pool/main/x/xmltooling/libxmltooling-doc_1.3.1-1~bpo50+1_all.deb
(new) libxmltooling4_1.3.1-1~bpo50+1_i386.deb extra libs
C++ XML parsing library with encryption support (runtime)
The XMLTooling library contains generic XML parsing and processing
classes based on the Xerces-C DOM. It adds more powerful facilities for
declaring element- and type-specific API and implementation classes, as
well as signing and encryption support.
.
This package contains the files necessary for running applications that
use the XMLTooling library.
xmltooling-schemas_1.3.1-1~bpo50+1_all.deb
to pool/main/x/xmltooling/xmltooling-schemas_1.3.1-1~bpo50+1_all.deb
xmltooling_1.3.1-1~bpo50+1.diff.gz
to pool/main/x/xmltooling/xmltooling_1.3.1-1~bpo50+1.diff.gz
xmltooling_1.3.1-1~bpo50+1.dsc
to pool/main/x/xmltooling/xmltooling_1.3.1-1~bpo50+1.dsc
xmltooling_1.3.1.orig.tar.gz
to pool/main/x/xmltooling/xmltooling_1.3.1.orig.tar.gz
Changes: xmltooling (1.3.1-1~bpo50+1) lenny-backports; urgency=low
.
* Backport to stable.
* Build against libxerces-c2-dev instead of libxerces-c-dev.
.
xmltooling (1.3.1-1) unstable; urgency=high
.
* Urgency set to high for security fix.
* New upstream release.
- SECURITY: Partial fix for improper handling of URLs that could be
abused for script injection and other cross-site scripting attacks.
The complete fix also requires newer opensaml2 and shibboleth-sp2
packages. (CVE-2009-3300)
- Add setter for KeyInfoResolver object.
- Fix extraction of cert info for UTF-8 handling changes.
- Fix passing of TransportOption configuration to cURL.
- Fix instability in reusing a DOM after signing it.
- Remove xmlns:xml namespace declaration when marshalling and
unmarshalling to avoid canonicalization bugs.
* Rename library package for upstream SONAME bump.
* Build-depend on libxml-security-c-dev 1.5 or later and make
libxmltooling-dev depend on libxml-security-c-dev 1.5 or later to
ensure that all builds are consistent. Although this package will
build with 1.4, the other packages built on xmltooling require 1.5.
Override entries for your package:
libxmltooling-dev_1.3.1-1~bpo50+1_i386.deb - extra libdevel
libxmltooling-doc_1.3.1-1~bpo50+1_all.deb - extra doc
xmltooling-schemas_1.3.1-1~bpo50+1_all.deb - extra text
xmltooling_1.3.1-1~bpo50+1.dsc - source libs
Announcing to backports-changes@lists.backports.org
Your package contains new components which requires manual editing of
the override file. It is ok otherwise, so please be patient. New
packages are usually added to the override file about once a week.
You may have gotten the distribution wrong. You'll get warnings above
if files already exist in other distributions.
ist in other distributions.
Reply to: