Security update for shibboleth-sp in lenny

Moritz Muehlenhoff jmm at
Wed Dec 2 21:27:33 UTC 2009

On Tue, Dec 01, 2009 at 06:12:16PM -0800, Russ Allbery wrote:
> I'm very sorry about how long it's taken me to prepare these patches.
> This should address CVE 2009-3300 in the shibboleth-sp (not
> shibboleth-sp2) packages in Debian lenny.  I will also work on a backport
> of these patches to the version that released with Debian etch.
> Note that the upstream source contains Windows line endings in some
> places, which my mailer doesn't want to send without encoding, so this
> patch may require the ignore whitespace flag to apply as-is.
> Please let me know if these are good for upload to the stable-security
> queue.

Looks fine, please upload. I'll take care of the update.


More information about the Pkg-shibboleth-devel mailing list