xmltooling - potential code execution

Several vulnerabilities have been discovered in the xmltooling packages,
as used by Shibboleth:

• Chris Ries discovered that decoding a crafted URL leads to a crash (and
  potentially, arbitrary code execution).
• Ian Young discovered that embedded NUL characters in certificate names
  were not correctly handled, exposing configurations using PKIX trust
  validation to impersonation attacks.
• Incorrect processing of SAML metadata ignores key usage constraints.
  This minor issue also needs a correction in the opensaml2 packages,
  which will be provided in an upcoming stable point release (and,
  before that, via stable-proposed-updates).

For the stable distribution (lenny), these problems have been fixed in
version 1.0-2+lenny1.

For the unstable distribution (sid), these problems have been fixed in
version 1.2.2-1.

We recommend that you upgrade your xmltooling packages.