xmltooling_1.3.1-1~bpo50+1_i386.changes is NEW

To: Russ Allbery <rra@debian.org>
Subject: xmltooling_1.3.1-1~bpo50+1_i386.changes is NEW
From: Backports.org archive Installer <installer@backports.org>
Date: Tue, 17 Nov 2009 21:02:05 +0100 (CET)
Message-id: <[🔎] 20091117200205.E90B1292ACDB0@www.backports.org>

libxmltooling-dev_1.3.1-1~bpo50+1_i386.deb
  to pool/main/x/xmltooling/libxmltooling-dev_1.3.1-1~bpo50+1_i386.deb
libxmltooling-doc_1.3.1-1~bpo50+1_all.deb
  to pool/main/x/xmltooling/libxmltooling-doc_1.3.1-1~bpo50+1_all.deb
(new) libxmltooling4_1.3.1-1~bpo50+1_i386.deb extra libs
C++ XML parsing library with encryption support (runtime)
 The XMLTooling library contains generic XML parsing and processing
 classes based on the Xerces-C DOM.  It adds more powerful facilities for
 declaring element- and type-specific API and implementation classes, as
 well as signing and encryption support.
 .
 This package contains the files necessary for running applications that
 use the XMLTooling library.
xmltooling-schemas_1.3.1-1~bpo50+1_all.deb
  to pool/main/x/xmltooling/xmltooling-schemas_1.3.1-1~bpo50+1_all.deb
xmltooling_1.3.1-1~bpo50+1.diff.gz
  to pool/main/x/xmltooling/xmltooling_1.3.1-1~bpo50+1.diff.gz
xmltooling_1.3.1-1~bpo50+1.dsc
  to pool/main/x/xmltooling/xmltooling_1.3.1-1~bpo50+1.dsc
xmltooling_1.3.1.orig.tar.gz
  to pool/main/x/xmltooling/xmltooling_1.3.1.orig.tar.gz
Changes: xmltooling (1.3.1-1~bpo50+1) lenny-backports; urgency=low
 .
  * Backport to stable.
  * Build against libxerces-c2-dev instead of libxerces-c-dev.
 .
xmltooling (1.3.1-1) unstable; urgency=high
 .
  * Urgency set to high for security fix.
  * New upstream release.
    - SECURITY: Partial fix for improper handling of URLs that could be
      abused for script injection and other cross-site scripting attacks.
      The complete fix also requires newer opensaml2 and shibboleth-sp2
      packages.  (CVE-2009-3300)
    - Add setter for KeyInfoResolver object.
    - Fix extraction of cert info for UTF-8 handling changes.
    - Fix passing of TransportOption configuration to cURL.
    - Fix instability in reusing a DOM after signing it.
    - Remove xmlns:xml namespace declaration when marshalling and
      unmarshalling to avoid canonicalization bugs.
  * Rename library package for upstream SONAME bump.
  * Build-depend on libxml-security-c-dev 1.5 or later and make
    libxmltooling-dev depend on libxml-security-c-dev 1.5 or later to
    ensure that all builds are consistent.  Although this package will
    build with 1.4, the other packages built on xmltooling require 1.5.


Override entries for your package:
libxmltooling-dev_1.3.1-1~bpo50+1_i386.deb - extra libdevel
libxmltooling-doc_1.3.1-1~bpo50+1_all.deb - extra doc
xmltooling-schemas_1.3.1-1~bpo50+1_all.deb - extra text
xmltooling_1.3.1-1~bpo50+1.dsc - source libs

Announcing to backports-changes@lists.backports.org


Your package contains new components which requires manual editing of
the override file.  It is ok otherwise, so please be patient.  New
packages are usually added to the override file about once a week.

You may have gotten the distribution wrong.  You'll get warnings above
if files already exist in other distributions.
ist in other distributions.

Reply to:

Prev by Date: [Backports-queue] Processing of xmltooling_1.3.1-1~bpo50+1_i386.changes
Next by Date: [Backports-queue] Processing of openvas-server_2.0.3-3~bpo50+1_hppa.changes
Previous by thread: [Backports-queue] Processing of xmltooling_1.3.1-1~bpo50+1_i386.changes
Next by thread: [Backports-queue] Processing of openvas-server_2.0.3-3~bpo50+1_hppa.changes
Index(es):
- Date
- Thread