[SCM] Debian packaging for OpenSAML 2.0 branch, lenny, updated. debian/2.0-2+lenny1-4-gb6f6e7a
Russ Allbery
rra at debian.org
Fri Dec 4 02:04:20 UTC 2009
The following commit has been merged in the lenny branch:
commit b6f6e7aa09adb058f58351ca9c38238aefd8a17f
Author: Russ Allbery <rra at debian.org>
Date: Thu Dec 3 16:26:04 2009 -0800
Include a description of the security issue in the changelog
diff --git a/debian/changelog b/debian/changelog
index 0093168..be26efc 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,6 +1,9 @@
opensaml2 (2.0-2+lenny2) stable-security; urgency=high
- * SECURITY: Backport fix for CVE-2009-3300
+ * SECURITY: Partial fix for improper handling of URLs that could be
+ abused for script injection and other cross-site scripting attacks.
+ The complete fix also requires a newer shibboleth-sp2 package.
+ (CVE-2009-3300)
-- Ferenc Wagner <wferi at niif.hu> Mon, 23 Nov 2009 20:41:32 +0100
--
Debian packaging for OpenSAML 2.0
More information about the Pkg-shibboleth-devel
mailing list