Security update for shibboleth-sp in lenny
Moritz Muehlenhoff
jmm at inutil.org
Wed Dec 2 21:27:33 UTC 2009
On Tue, Dec 01, 2009 at 06:12:16PM -0800, Russ Allbery wrote:
> I'm very sorry about how long it's taken me to prepare these patches.
> This should address CVE 2009-3300 in the shibboleth-sp (not
> shibboleth-sp2) packages in Debian lenny. I will also work on a backport
> of these patches to the version that released with Debian etch.
>
> Note that the upstream source contains Windows line endings in some
> places, which my mailer doesn't want to send without encoding, so this
> patch may require the ignore whitespace flag to apply as-is.
>
> Please let me know if these are good for upload to the stable-security
> queue.
Looks fine, please upload. I'll take care of the update.
Cheers,
Moritz
More information about the Pkg-shibboleth-devel
mailing list