Overview

File xmltooling.changes of Package xmltooling.10706

-------------------------------------------------------------------
Thu Mar 21 12:28:18 UTC 2019 - Kristýna Streitová <kstreitova@suse.com>

- add xmltooling-1.5.6-CVE-2019-9628.patch to fix a security bug
  where XML parser class fails to trap exceptions on malformed XML
  declaration [bsc#1129537] [CVE-2019-9628]

-------------------------------------------------------------------
Wed Feb 28 11:15:10 UTC 2018 - kstreitova@suse.com

- add xmltooling-1.5.6-CVE-2018-0489.patch to fix a security bug
  when xmltooling 1.6.4 mishandles digital signatures of user data,
  which allows remote attackers to obtain sensitive information or
  conduct impersonation attacks via crafted XML data. NOTE: this
  issue exists because of an incomplete fix for CVE-2018-0486.
  [bsc#1083247] [CVE-2018-0489]

-------------------------------------------------------------------
Mon Jan 15 12:06:37 UTC 2018 - kstreitova@suse.com

- add xmltooling-1.5.6-CVE-2018-0486.patch to fix a security bug
  when xmltooling mishandles digital signatures of user attribute
  data, which allows remote attackers to obtain sensitive
  information or conduct impersonation attacks via a crafted DTD
  [bsc#1075975], [CVE-2018-0486]

-------------------------------------------------------------------
Tue Sep  8 08:33:40 UTC 2015 - kstreitova@suse.com

- sync Apache:Shibboleth packages with SLE12SP1 [bnc#944796] 

-------------------------------------------------------------------
Mon Sep  7 14:39:36 UTC 2015 - kstreitova@suse.com

- update to xmltooling 1.5.6 
  * [CPPXT-105] - PKIX revocation checking calls OpenSSL's 
    X509_verify_cert in an unsupported way (breaks with OpenSSL
    1.0.1p/1.0.2d and later)

-------------------------------------------------------------------
Wed Aug  5 18:04:11 UTC 2015 - mpluskal@suse.com

- Add gpg signature

-------------------------------------------------------------------
Thu Jul 30 09:40:32 UTC 2015 - kstreitova@suse.com

- adjust Summary in the specfile
- remove unused conditionals

-------------------------------------------------------------------
Mon Jul 27 08:33:52 UTC 2015 - kstreitova@suse.com

- use spec-cleaner
- package cleaning 
- add xmltooling-1.5.5-doxygen_timestamp.patch to remove timestamps
  in a documentation generated by Doxygen and avoid RPMLINT warnings
  (file-contains-date-and-time).

-------------------------------------------------------------------
Fri Jul 24 15:15:45 UTC 2015 - kstreitova@suse.com

- initial revision
openSUSE Build Service is sponsored by
Places