Accepted xmltooling 1.3.1-1 (source i386 all)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Fri, 06 Nov 2009 11:30:41 -0800
Source: xmltooling
Binary: libxmltooling4 libxmltooling-dev xmltooling-schemas libxmltooling-doc
Architecture: source i386 all
Version: 1.3.1-1
Distribution: unstable
Urgency: high
Maintainer: Debian Shib Team <pkg-shibboleth-devel@lists.alioth.debian.org>
Changed-By: Russ Allbery <rra@debian.org>
Description:
libxmltooling-dev - C++ XML parsing library with encryption support (development)
libxmltooling-doc - C++ XML parsing library with encryption support (API docs)
libxmltooling4 - C++ XML parsing library with encryption support (runtime)
xmltooling-schemas - XML schemas for XMLTooling
Changes:
xmltooling (1.3.1-1) unstable; urgency=high
.
* Urgency set to high for security fix.
* New upstream release.
- SECURITY: Partial fix for improper handling of URLs that could be
abused for script injection and other cross-site scripting attacks.
The complete fix also requires newer opensaml2 and shibboleth-sp2
packages. (CVE-2009-3300)
- Add setter for KeyInfoResolver object.
- Fix extraction of cert info for UTF-8 handling changes.
- Fix passing of TransportOption configuration to cURL.
- Fix instability in reusing a DOM after signing it.
- Remove xmlns:xml namespace declaration when marshalling and
unmarshalling to avoid canonicalization bugs.
* Rename library package for upstream SONAME bump.
* Build-depend on libxml-security-c-dev 1.5 or later and make
libxmltooling-dev depend on libxml-security-c-dev 1.5 or later to
ensure that all builds are consistent. Although this package will
build with 1.4, the other packages built on xmltooling require 1.5.
Checksums-Sha1:
f9874e1d9e565a1afea977c23793737d6e1f0c35 1443 xmltooling_1.3.1-1.dsc
5ed15af1fde9fcce25b6c30f4760fed691f72b0c 580340 xmltooling_1.3.1.orig.tar.gz
5259cb337f6af9e00d79c6b3f1fe18348d1ce668 6888 xmltooling_1.3.1-1.diff.gz
c23cd2693e9128c8bab802205b3012f2c5166566 754050 libxmltooling4_1.3.1-1_i386.deb
362b092a098d3a283eebd4a1b440b3655f7e4932 75620 libxmltooling-dev_1.3.1-1_i386.deb
b426e08485c574d29683e00f860fdbf903856768 12760 xmltooling-schemas_1.3.1-1_all.deb
78c26dff1cc139e30d6b5cfa02520c2abfcc9ea8 1144948 libxmltooling-doc_1.3.1-1_all.deb
Checksums-Sha256:
990b4a27ef49688ad2a70ec73d12963896947621c8f4b011ea6682afc3bc0498 1443 xmltooling_1.3.1-1.dsc
be6a77a750ee629e3d85e8ffd60c66acfc5db31ee2c413aa804b9b661141b47f 580340 xmltooling_1.3.1.orig.tar.gz
1c89b41661a52436588743599ea10bea9c0e083a998f28fac9422029ff587084 6888 xmltooling_1.3.1-1.diff.gz
5727c99b8c6d12dfdfc01779d648f10bc4e56298c0a959600fa0da1d13800fda 754050 libxmltooling4_1.3.1-1_i386.deb
60e1a5f11bf2132339c8d2d97e11e7881e01e7ca0517f94f1560220bf463fc65 75620 libxmltooling-dev_1.3.1-1_i386.deb
c9cad065d7f0ad794b6f869579143b6d6b703eded6fa3e4ed24bb7b23938df04 12760 xmltooling-schemas_1.3.1-1_all.deb
e9ac4b2ac6826536a333f2a75be0d82c241366f2ba08f60d5ae66e3c8b1b5b15 1144948 libxmltooling-doc_1.3.1-1_all.deb
Files:
6f52c0d9fdad84428b98247f5ff65171 1443 libs extra xmltooling_1.3.1-1.dsc
bde914f9c5742c9e01ec06a091423553 580340 libs extra xmltooling_1.3.1.orig.tar.gz
4651cadfb136c87e29c4e4c7a4457774 6888 libs extra xmltooling_1.3.1-1.diff.gz
bb64fe8ff5687d68acecfce6f8788fa6 754050 libs extra libxmltooling4_1.3.1-1_i386.deb
603c420d4d8be49975053c36c8d4b2b7 75620 libdevel extra libxmltooling-dev_1.3.1-1_i386.deb
c4fa74807b0cc82de5656680e3601606 12760 text extra xmltooling-schemas_1.3.1-1_all.deb
a31f275590cc94805c2cbf368baf0af6 1144948 doc extra libxmltooling-doc_1.3.1-1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkr0fOYACgkQ+YXjQAr8dHYARwCgy6WyOUHsIq3ewZp9qSe9PyoP
T38AnRi90W+cFyGeku28Y1kia7oHfhF0
=/UAo
-----END PGP SIGNATURE-----
Accepted:
libxmltooling-dev_1.3.1-1_i386.deb
to main/x/xmltooling/libxmltooling-dev_1.3.1-1_i386.deb
libxmltooling-doc_1.3.1-1_all.deb
to main/x/xmltooling/libxmltooling-doc_1.3.1-1_all.deb
libxmltooling4_1.3.1-1_i386.deb
to main/x/xmltooling/libxmltooling4_1.3.1-1_i386.deb
xmltooling-schemas_1.3.1-1_all.deb
to main/x/xmltooling/xmltooling-schemas_1.3.1-1_all.deb
xmltooling_1.3.1-1.diff.gz
to main/x/xmltooling/xmltooling_1.3.1-1.diff.gz
xmltooling_1.3.1-1.dsc
to main/x/xmltooling/xmltooling_1.3.1-1.dsc
xmltooling_1.3.1.orig.tar.gz
to main/x/xmltooling/xmltooling_1.3.1.orig.tar.gz
Reply to: